First npm worm “Shai-Hulud” released in supply chain attack
A new supply chain attack on npm, the Node package manager, has injected the first malware with self-replicating worm behaviour into the JavaScript software registry, security firms say. Security vendor Wiz said malicious versions of multiple popular packages were published to npm, which not only harvest secrets, environment variables and cloud keys through the open source […]