A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this ...

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting ...

A year after a glitch at cybersecurity company CrowdStrike triggered a global computer outage affecting millions of computers ...

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

A new supply chain attack on npm, the node package manager, has injected the first malware with self-replicating worm ...

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

So far, according to recent court filings, the DOJ has already terminated monitorships for three firms that agreed to them under the Biden administration. Additionally, prosecutors stated they would ...

Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...

DPRK used ClickFix to deliver compiled BeaverTail to crypto marketers; Windows build used password-protected archives, ...