https://onehack.st/t/trivy-got-owned-and-spawned-a-self-replicating-npm-worm-47-packages-deep/319972
Trivy Got Owned and Spawned a Self-Replicating npm Worm — 47 Packages Deep - News & Articles -...
Mar 22, 2026 - A hardcoded secret, a blockchain dead drop, and a worm that vibe-coded itself...

https://www.mend.io/blog/compromised-bitwarden-cli-npm-worm-ai-poisoning/
Compromised Bitwarden CLI Poisons AI Assistants and Spreads as npm Worm
Apr 23, 2026 - A fake @bitwarden/cli package published to npm combines credential harvesting, a self-spreading npm worm, and a first-of-its-kind AI assistant poisoning...

https://securelist.com/shai-hulud-2-0/118214/
Nothing to steal? Let’s wipe. We’re analyzing the Shai Hulud 2.0 npm worm | Securelist
Dec 4, 2025 - Kaspersky researchers uncover new version of Shai Hulud npm worm, which attacks targets in Russia, India, Brazil, China and other countries, and has wiper...

https://www.infosecurity-magazine.com/news/indonesianfoods-npm-worm-44000/
“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages - Infosecurity Magazine
Mar 17, 2026 - A new npm worm dubbed “IndonesianFoods” has doubled the number of known malicious packages

https://www.aikido.dev/blog/shai-hulud-npm-bitwarden-cli-compromise
Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm
Apr 23, 2026 - Malware found in @bitwarden/cli v2026.4.0 steals SSH keys, cloud secrets, and AI coding tool credentials, then spreads through victims' own npm packages....

https://contolini.com/building-an-npm-worm
Building an npm worm - Chris Contolini
Building an npm virus via self-replicating lifecycle scripts.

https://thecybersecurity.news/general-cyber-security-news/threatsday-bulletin-wi-fi-hack-npm-worm-defi-theft-phishing-blasts-and-15-more-stories-35116/
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories | The...
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all...

https://www.itsecuritynews.info/the-butlerian-jihad-compromised-bitwarden-cli-deploys-npm-worm-poisons-ai-assistants-and-dumps-github-secrets/
The Butlerian Jihad: Compromised Bitwarden CLI Deploys npm Worm, Poisons AI Assistants, and Dumps...
Mend.io tracks TeamPCP’s latest supply chain attack. The post The Butlerian Jihad: Compromised Bitwarden CLI Deploys npm Worm, Poisons AI Assistants, and Dumps...

https://securitylabs.datadoghq.com/articles/shai-hulud-2.0-npm-worm/
The Shai-Hulud 2.0 npm worm: analysis, and what you need to know | Datadog Security Labs
Learn more about the Shai-Hulud 2.0 npm worm.

https://www.infoworld.com/article/4136478/new-npm-worm-hits-ci-pipelines-and-ai-coding-tools.html
New npm worm hits CI pipelines and AI coding tools | InfoWorld
Feb 24, 2026 - Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.

https://unit42.paloaltonetworks.com/npm-supply-chain-attack/
"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26)
Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and...

https://forums.theregister.com/forum/all/2026/04/22/another_npm_supply_chain_attack/
Another npm supply chain worm is tearing through dev environments • The Register Forums

https://www.theregister.com/2026/04/22/another_npm_supply_chain_attack/
Another npm supply chain worm hits dev environments • The Register
Apr 22, 2026 - Plus, the payload references 'TeamPCP/LiteLLM method'

https://www.csoonline.com/article/4095578/new-shai-hulud-worm-spreading-through-npm-github.html
New Shai-Hulud worm spreading through npm, GitHub | CSO Online
Nov 24, 2025 - The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers.

https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

https://safedep.io/malicious-fairwords-npm-credential-worm/
@fairwords npm Packages Hit by Credential Worm - Real-time Open Source Software Supply Chain...
Three @fairwords npm packages were compromised with a self-propagating worm that harvests credentials, crypto wallets, Chrome passwords, and spreads to other...