Threat Research

    "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack

    The team investigated a renewed npm-focused compromise known as Shai-Hulud 2.0, first revealed in early November 2025. This campaign is far larger than before, impacting tens of thousands of GitHub repositories, including over 25,000 malicious repos tied to roughly 350 unique users....
    11/26/2025  0
    Read More »

    npm Account Hijacking and the Rise of Supply Chain Attacks

    Software supply chain attacks are surging, as seen in the "Shai-Hulud" worm targeting npm. Attackers are harvesting developer credentials to publish malicious packages. This highlights the need for strong authentication and strict access controls. A defense-in-depth strategy with monitoring and threat detection is vital....
    9/29/2025  0
    Read More »

    What We Know About the NPM Supply Chain Attack

    On September 15, attackers launched a targeted phishing campaign to compromise NPM maintainer accounts and inject malicious code into popular JavaScript packages. The attack enabled supply chain compromise, affecting key packages used in application development and cryptography....
    9/18/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.