Storia in 7 fonti

Shai-Hulud copycat worm infects yet another npm package

Plus three other stealers in three other packages, all from the same scumbag

Raccontata da

lunedì 18 maggio 2026·thehackernews.com
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
4 malicious npm packages with 3,006 downloads spread stealers and Phantom Bot, forcing removals and secret rotation.
lunedì 18 maggio 2026·bleepingcomputer.com
Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend.

lunedì 18 maggio 2026·

darkreading.com

Shai-Hulud Worm Clones Spread After Code Release

The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.

martedì 19 maggio 2026·

theregister.com

Shai-Hulud copycat worm infects yet another npm package

Plus three other stealers in three other packages, all from the same scumbag

martedì 19 maggio 2026·

thehackernews.com

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Mini Shai-Hulud hits @antv and echarts-for-react via npm maintainer compromise, exposing 1.1M weekly downloads to credential theft.

martedì 19 maggio 2026·

heise.de

npm-Wurm Shai-Hulud: Angriff der Klone

Die Malware-Autoren hinter dem npm-Wurm Shai-Hulud haben die Quelltexte veröffentlicht. Nun erscheinen die ersten Klone.

martedì 19 maggio 2026·

theregister.com

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings

martedì 19 maggio 2026·

bleepingcomputer.com

New Shai-Hulud malware wave compromises 600 npm packages

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign.

mercoledì 20 maggio 2026·

news.bitcoin.com

GitHub Worm Hits npm Packages With 16M Downloads

A self-replicating worm that hijacks GitHub Actions pipelines to publish malicious npm packages has struck again, compromising AntV, echarts-for-react,

mercoledì 20 maggio 2026·

securityweek.com

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Leaked Shai-Hulud malware fuels new npm infostealer campaign

Shai-Hulud Worm Clones Spread After Code Release

Shai-Hulud copycat worm infects yet another npm package

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

npm-Wurm Shai-Hulud: Angriff der Klone

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

New Shai-Hulud malware wave compromises 600 npm packages

GitHub Worm Hits npm Packages With 16M Downloads

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack