Tech News
Back to home
Technology

Shai-Hulud malware campaign dubbed 'the largest and most dangerous npm supply-chain compromise in history' — 'hundreds' of JavaScript packages affected

Source

Tom's Hardware

Published

TL;DR

AI Generated

The Shai-Hulud malware campaign, described as the largest and most dangerous npm supply-chain compromise in history, has affected hundreds of JavaScript packages, including popular libraries like @ctrl/tinycolor. The malware spreads autonomously and injects a script during installation that performs credential harvesting and persistence operations. It uses offensive security tools like TruffleHog and developer tooling like GitHub Actions to exfiltrate secrets and create backdoors, making it a significant threat. Security firms are providing lists of compromised npm packages and guidance on how organizations can respond to this widespread attack in the Node.js ecosystem.

Read Full Article

Similar Articles

Supply-chain attacks on open source software are getting out of hand

Supply-chain attacks on open source software are getting out of hand

Supply-chain attacks on open source software are escalating, with recent breaches targeting developer accounts and leading to the distribution of malicious packages to users. Security firm Socket reported a supply-chain attack on JavaScript code in the npm repository, where 10 packages from Toptal were infected with malware and downloaded by around 5,000 users before detection. This incident marks the third supply-chain attack on npm observed by Socket in a week. The hackers compromised Toptal's GitHub Organization to publish the malicious packages on npm.

Ars Technica
Dr. L.C. Lu on TSMC Advanced Technology Design Solutions

Dr. L.C. Lu on TSMC Advanced Technology Design Solutions

Dr. L.C. Lu, a key figure at TSMC, focuses on design-technology co-optimization, packaging innovations, and AI-driven methodologies for next-gen semiconductor systems. TSMC emphasizes DTCO and DDCL innovations for scaling from N5 to A14 nodes, with NanoFlex and NanoFlex Pro architectures offering efficiency gains. N2P and N2U nodes incorporate advanced DTCO and power delivery optimizations, with hybrid dual-rail architectures achieving significant energy savings. TSMC collaborates with EDA partners for AI integration, enhancing productivity and design quality. Advanced packaging technologies like CoWoS and SoIC play a crucial role in enabling AI scaling, with memory bandwidth and interconnect performance scaling aggressively. TSMC addresses power delivery and thermal management challenges in AI systems through advanced solutions. TSMC's advancements in design methodologies and AI-driven automation promise improved productivity and scalability in chip-package co-design.

SemiWiki
MindsEye's sabotage mission is being slammed as dull and pointless

MindsEye's sabotage mission is being slammed as dull and pointless

Build A Rocket Boy accuses individuals of sabotaging MindsEye's launch, spending over €1 million on damaging efforts. The studio integrates the controversy into a new in-game mission, Blacklist, to showcase evidence of sabotage to players. However, reports describe the mission as lackluster and failing to deliver a compelling narrative. Critics attribute the launch issues to internal problems, such as management and design decisions, casting doubt on the sabotage claims. The saga continues as MindsEye's post-launch turmoil unfolds.

TweakTown
3DPrint.com

The Additive Chicken Coop, Part II: Rescoping

The article discusses the second part of the Additive Chicken Coop project, focusing on rescaling the project. It highlights the challenges faced in enabling JavaScript and cookies to continue reading the content. The article provides insights into the technical aspects of the project and the strategies employed to address the issues encountered during the rescaling process.

3DPrint.com

We use cookies

We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our cookie policy.