CSO Online

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers.
CSOonline

GitHub package limit put law firm in security bind

A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public outreach, longtime relationships, and a vendor willing to listen and ...

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...