Why CERT-In is warning startups and IT firms about ‘Shai-Hulud,’ a Dune-inspired malware

India’s cybersecurity agency warns of a fast-spreading npm supply chain worm, urging startups and ITes firms to secure ...

GitHub moves to tighten npm security amid phishing, malware plague

GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.
The Hacker News

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.