Mini Shai-Hulud: A persistent supply-chain worm
A new supply-chain attack has been identified, targeting multiple Node.js packages in SAP's namespace. The malware exploits CI environments to steal GitHub personal access tokens and propagate itself. This recent wave of attacks has compromised over 300 packages, including popular ones like OpenSearch and Mistral.
- On April 29th, researchers detected compromised Node.js packages in SAP's namespace.
- The attack has evolved to target more than 300 packages in a single wave, expanding its scope significantly.
- Malicious versions of the OpenSearch and Mistral packages were removed shortly after their compromise.
Dwayne McDaniel for GitGuardian. Posted on May 26. Originally published at blog.gitguardian.com
#security #supplychain #npm #securityresearch

On April 29th, Aikido researchers detected multiple compromised Node.js packages in SAP's namespace today. The malware adapts to CI environments, steals GitHub personal access tokens, and uses them to self-propagate—a pattern consistent with recent supply-chain attacks.
…