Dark Reading

Shai-hulud 2.0 Variant Threatens Cloud Ecosystem

The latest attack from the self-replicating npm-package poisoning worm can also steal credentials and secrets from AWS, ...
Security Boulevard

Shai-Hulud 2.0: over 14,000 secrets exposed

On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials ...

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
SecurityWeek

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.
Infosecurity-magazine.com

Github: A Flexible Cloud Service Increasingly Exploited by State-Sponsored Threat Actors

According to the Netskope Cloud and Threat Report: 2022 Year In Review, cloud-delivered malware has continued rising over the past year, ending the last 12 months 10 points higher than in 2021.
Bleeping Computer

Over 12 million auth secrets and keys leaked on GitHub in 2023

GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. This is ...
Cybernews

Shai-Hulud supply chain attacks back with a vengeance, impacting 28k GitHub repositories

The Shai-Hulud supply chain attack campaign, responsible for compromising hundreds of CrowdStrike’s NPM packages in September ...
VentureBeat

IBM cloud launches Swift runtime, open-source AWS Lambda competitor, GitHub Enterprise, VMware support

IBM today announced new services available from its public cloud, thanks to deeper partnerships with Apple, GitHub, and VMware. IBM is also launching a new cloud service called Bluemix OpenWhisk that ...