A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.

Security researchers have spotted what they think is the world's first malicious model context protocol (MCP) server, made ...

Lagos Police have begun strict enforcement of tinted glass permits, with CP Olohundare Jimoh personally leading the operation ...

A worm-like campaign named Shai-Hulud has been flagged, targeting widely used packages and propagating itself by harvesting secrets and inserting backdoors. It operates across npm accounts, installing ...

SEAL has recognized 29 crypto companies for adopting its Safe Harbor agreement, which gives white hat hackers legal protection to recover user funds during exploits, saving billions.

A coalition of open-source stewards warns that the software industry’s reliance on goodwill to maintain critical ...

CERT-In has issued a high-severity warning over a major npm ecosystem compromise named ‘Shai-Hulud,’ targeting credentials linked to Google Cloud, AWS, Microsoft Azure, and developer accounts.

If you needed another reminder that our software supply chains are only as strong as their smallest link, the JavaScript ecosystem delivered it. In early September, attackers phished the NPM account ...

CERT-In has issued an advisory warning of Shai-Hulud malware that targets JavaScript’s Node Package Manager (npm) ecosystem ...

A new supply-chain attack compromised at least 187 npm packages, targeting developer secrets across software projects Shai-Hulud worm looks to steal credentials, modify packages, and spread malware ...

India’s cybersecurity agency warns of a fast-spreading npm supply chain worm, urging startups and ITes firms to secure credentials and audit dependencies.

Various IT security companies are warning of new attacks on the npm ecosystem around node.js. Several dozen packages (at least 40, in one report as many as 150) are infected with malware that steals ...