Worm operators don't work in Perl, apparently:

$ perl -E 'say int(-int(~(int(13))))'
-1.84467440737096e+19

#ShaiHulud #Chrysknife

This Week In Security: Microsoft On Microsoft, Register Your Domains, Linux On ARM, And FreeBSD Joins The File Cache Club

Supply chain attacks continue, with Microsoft’s own open source Azure repositories being automatically disabled by GitHub following a compromise of the packages by the Miasma worm. OpenSource…

Hackaday

This Week in Security: Microsoft on Microsoft, Register Your Domains, Linux on ARM, and FreeBSD Joins the File Cache Club

https://fed.brid.gy/r/https://hackaday.com/2026/06/12/this-week-in-security-microsoft-on-microsoft-register-your-domains-linux-on-arm-and-freebsd-joins-the-file-cache-club/

More than 30 Red Hat npm packages were backdoored in a supply-chain attack deploying Miasma malware to steal developer credentials, cloud secrets, SSH keys, and CI/CD tokens. 🔐
Researchers say the attack used a compromised GitHub account and npm publishing flows, underscoring risks in open-source supply chains. 📦

🔗 https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/

#TechNews #RedHat #npm #GitHub #Miasma #ShaiHulud #SupplyChain #OpenSource #Cybersecurity #Infosec #Security #DevOps #Linux #Malware #Developers

Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma."

BleepingComputer

Npm v12 will now switch off default post install script runs. Finally. #javascript #typescript #nodejs #npm #shaihulud

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets.

BleepingComputer

A new wave of the Shai-Hulud attack has been uncovered, targeting 19 PyPI packages vital for scientific computing. This campaign, tracked by Socket, uses Python's startup hooks and the Bun runtime to steal GitHub tokens, cloud credentials, and more. It highlights a critical vulnerability in the software supply chain that affects developers and researchers alike.

https://www.tpp.blog/2d4wjkk

#cybersecurity #shaihulud #pypi

🤖 This post was AI-generated.

Shai-Hulud Malware Targets Python Packages, Exposes Developer Secrets

Hundreds of thousands of downloads of 19 popular Python packages were compromised in a massive supply-chain attack that stole developer secrets, courtesy of the Shai-Hulud malware. The malicious packages, disguised as useful bioinformatics and science tools, were actually designed to expose sensitive information.

https://osintsights.com/shai-hulud-malware-targets-python-packages-exposes-developer-secrets?utm_source=mastodon&utm_medium=social

#Shaihulud #Malware #SupplyChain #Python #Pypi

Discover how Shai-Hulud malware targets Python packages, stealing developer secrets. Learn how to protect your projects from this supply-chain threat now.

OSINTSights

Hundreds of malicious npm packages discovered in the AntV ecosystem

The data visualization ecosystem AntV was the target of a mini Shai-Hulud supply-chain attack involving hundreds of malicious npm packages.

heise online

Grafana says stolen GitHub token let hackers steal codebase

Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token.

BleepingComputer