A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...

An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...

A new supply chain attack on npm, the node package manager, has injected the first malware with self-replicating worm ...

With npm packages embedded in financial systems, e-commerce platforms, and enterprise applications, the compromise poses a material risk to business continuity and supply chain integrity. Analysts ...

Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...

A year after a glitch at cybersecurity company CrowdStrike triggered a global computer outage affecting millions of computers ...

It is possible that the attackers behind this attack are the same ones as last time. Their malicious code bears the name of a prominent science fiction monster.