Shai-Hulud
No mentions found
This entity hasn't been tracked yet, or Iris is still building its knowledge base.
Related Articles from SNS
Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
Security researchers on Monday found dozens of Red Hat npm package releases infected with the Mini Shai-Hulud worm that TeamPCP cybercriminals recently open-sourced. The new supply chain attack hit at least 32 npm package releases published under the Red Hat Cloud Services namespace, according to security researchers from Google-owned Wiz, who traced the malware to one Red Hat employee’s compromised GitHub account. They said the affected packages are downloaded around 80,000 times a week.
GitHub pulls pin on npm's auto-run scripts
GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly exploited by malicious packages such as the notorious Shai-Hulud worm. Maintainer Leo Balter said: "Install-time lifecycle scripts are the single largest code-execution surface in the npm ecosystem. Every npm install runs scripts from every transitive dependency, so a single compromised package anywhere in your tree can execute arbitrary code on a developer machine or...
Miasma worms its way onto GitHub as attack kit goes open source
As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire Miasma worm supply-chain attack toolkit, likely using previously compromised developers' accounts to publish GitHub repositories containing the self-spreading malware’s source code over the last 24 hours. SafeDep, a company focused on open source supply chain security that developed Package Management Guard (PMG), spotted the malicious repos, named...
CrowdStrike, Google shatter Glassworm botnet
CrowdStrike, in collaboration with Google and the Shadowserver Foundation, successfully dismantled the Glassworm botnet, a sophisticated, self-propagating worm. This malware targeted developers by spreading through poisoned software packages and used complex infrastructure, including blockchain and Google Calendar, to evade detection. The coordinated takedown severed the attackers' command-and-control channels, mitigating the threat to the software development community.