ADTmag

The Worm That Ate JavaScript: Inside the Shai-Hulud Supply Chain Attack

The JavaScript development community faced one of its most sophisticated supply chain attacks in September, when a ...

5 ways to spot software supply chain attacks and stop worms - before it's too late

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
MediaNama

Why CERT-In Is Warning Startups and IT Companies About Dune-Inspired Malware ‘Shai-Hulud’

CERT-In has issued an advisory warning of Shai-Hulud malware that targets JavaScript’s Node Package Manager (npm) ecosystem ...
The Hacker News

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Researchers expose new WordPress malware and ClickFix phishing kits exploiting cache smuggling for stealth attacks.

Exclusive: 'We will see more attacks' Ledger CTO warns after NPM breach

Charles Guillemet says a phishing-led supply-chain breach could have become a systemic disaster for crypto users.

Hackers exploited Zimbra flaw as zero-day using iCalendar files

Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in ...
InfoWorld

Chainguard offers malware-resistant JavaScript libraries

Responding to recent NPM malware attacks, Chainguard Libraries for JavaScript seeks to address security vulnerabilities in ...