🐒 Oh joy, another day, another NPM catastrophe: 40 packages compromised because apparently "sophisticated" now means "zero effort required." 🎉 The #hackers used #TruffleHog to snatch credentials—because why bother with real hacking skills when you can just piggyback off poorly-secured packages? 🐷💻
https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised #NPMcatastrophe #compromisedpackages #cybersecurity #HackerNews #ngated
Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages - StepSecurity
The Shai-Hulud worm has infected over 500 NPM packages including @ctrl/tinycolor in an unprecedented self-propagating supply chain attack. The malware harvests AWS/GCP/Azure credentials using TruffleHog, establishes persistence through GitHub Actions backdoors, and automatically spreads to other maintainer packages - marking the first successful worm attack in the NPM ecosystem.