New NPM supply-chain attack compromises major ENS and crypto libraries

A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely ...
FinanceFeeds

Shai Hulud Malware Hits 400+ JavaScript Packages in Major NPM Supply-Chain Attack

Charlie Eriksen, a researcher at Aikido, identified the infected libraries and confirmed each detection manually to minimize ...
Crypto News

Massive NPM Supply-Chain Attack Targets ENS-Linked Libraries in Shai Hulud Breach

Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...
The Hacker News

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul McCarty, who first flagged the activity. The end goal is quite unusual – ...
adtmag.com

The Worm That Ate JavaScript: Inside the Shai-Hulud Supply Chain Attack

The notification arrived on September 14, 2025, at 17:58 UTC. Somewhere in the sprawling npm registry—home to 2.5 million JavaScript packages that power everything from banking apps to smart ...