Storia in 7 fonti

Nuova ondata di attacchi colpisce centinaia di pacchetti npm

Attacco supply chain su npm: 314 pacchetti compromessi dal malware Mini Shai-Hulud e propagazione tra dipendenze.

Raccontata da

lunedì 18 maggio 2026·bleepingcomputer.com
Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend.
martedì 19 maggio 2026·infoworld.com
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
The largest incident yet is a warning that developers should urgently check package security, say experts.

martedì 19 maggio 2026·

thehackernews.com

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Mini Shai-Hulud hits @antv and echarts-for-react via npm maintainer compromise, exposing 1.1M weekly downloads to credential theft.

martedì 19 maggio 2026·

theregister.com

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings

martedì 19 maggio 2026·

bleepingcomputer.com

New Shai-Hulud malware wave compromises 600 npm packages

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign.

mercoledì 20 maggio 2026·

ilsoftware.it