Shai Hulud 2.0, now with a wiper flavor

In September, a new breed of malware distributed via compromised Node Package Manager (npm) packages made headlines. It was dubbed “Shai-Hulud”, and Kaspersky published an in-depth analysis of it in another post. Recently, a new version was discovered. Shai Hulud Read More …

“Shai-Hulud” Worm Compromises npm Ecosystem in Supply Chain Attack

Palo Alto Networks Unit 42 is investigating an active and widespread software supply chain attack targeting the Node Package Manager (npm) ecosystem. A novel, self-replicating worm, which is currently being tracked as “Shai-Hulud,” is responsible for the compromise of over Read More …