Self-spreading npm malware targets developers in new supply chain attack

Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed “SANDWORM_MODE,” represents a (still) rare example of worm-like malware designed to spread through software supply chains rather than traditional end-user systems.

New npm worm builds on Shai-Hulud’s playbook

After last year’s bombshell appearance of the self-replicating “Shai-Hulud” worm on the official npm registry, the …

The post Self-spreading npm malware targets developers in new supply chain attack appeared first on Help Net Security.