Monday, 24 November 2025

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

iT4iNT SERVER Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack.
The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz.
"The campaign introduces a new variant that executes malicious VDS VPS Cloud


http://dlvr.it/TPRPGw
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

iT4iNT SERVER A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email cre...