Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.
The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embeddedRead More
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens [email protected] (The Hacker News)
by
Tags: