Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack
Malware and Vulnerabilities
September 17, 2025
helpnetsecurity
A self-replicating JavaScript worm named Shai-Hulud has compromised over 180 npm packages in a rapidly evolving supply chain attack. The worm targets npm developers, leveraging stolen credentials to propagate itself and exfiltrate sensitive data.
Read More
Shai-hulud
TruffleHog
Publisher
Previous
A DHS Data Hub Exposed Sensitive Intel to Thousands of ...
Breaches and Incidents
Next
Apple backports fix for actively exploited CVE-2025-433 ...
Malware and Vulnerabilities
/https://cyware-ent.s3.amazonaws.com/image_bank/iStock-637264392.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/13c1_shutterstock_2459410447.jpg)
