MediaNama

Why CERT-In Is Warning Startups and IT Companies About Dune-Inspired Malware ‘Shai-Hulud’

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory, noting the risk of a cyber threat campaign specifically targeting JavaScript’s node package manager (npm) ecosystem. The ...
ZDNet

5 ways to spot software supply chain attacks and stop worms - before it's too late

Shai-Hulud is the worst-ever npm JavaScript attack. This software supply chain worm attack is still ongoing. Here are some ways you can prevent such attacks. For those of you who aren't Dune fans, ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
TechSpot

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...
Benzinga.com

3Ledger CTO Warns Of Ongoing NPM Supply Chain Attack, Advises Users...

Ledger Chief Technology Officer Charles Guillemet on Monday urged crypto users to take immediate precautions following what appears to be a large-scale supply chain cyberattack targeting the ...
CoinTelegraph

Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...
Bleeping Computer

Ripple's recommended XRP library xrpl.js hacked to steal wallets

The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing ...
GitHub

Deno fails to import npm modules

deno 2.2.2 (stable, release, x86_64-unknown-linux-gnu) v8 13.4.114.9-rusty typescript 5.7.3 ... "imports": { "openai": "npm:openai@^4.86.1" } ... deno run --env-file ...
pv magazine International

Brazil raises solar module import duty from 9.6% to 25%

The Brazilian government has raised the import duty on solar modules from 9.6% to 25% this week. According to the Brazilian PV association ABSolar, this measure could undermine the country’s energy ...
PV Tech

Brazil increases import tariffs on solar modules to 25%

Brazil had already raised its import tax rate on solar modules to 9.6% on 1 January 2024. Image: Unsplash. The Brazilian government has raised the import tax rate on solar modules from 9.6% to 25%.
Ars Technica

Hundreds of code libraries posted to NPM try to install malware on dev machines

An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...