GitLab Identifies Large-Scale npm Supply Chain Attack with Destructive Malware
Malware driving attack includes "dead man's switch" that can harm user data.
Read the full articleYou might also wanna read
Supply Chain Attack Compromises @immobiliarelabs Backstage npm Packages
Socket Threat Research reported a fresh Miasma Mini Shai-Hulud supply chain compromise that hit legitimate @immobiliarelabs Backstage npm pa
hendryadrian.com·20d agoShai-Hulud 2.0 npm Supply Chain Attack Technical Analysis
Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical
Supply Chain Attack Wave Targets npm Packages and Go Ecosystem via Mini Shai-Hulud Malware Family
Socket Threat Research is tracking a new supply chain attack wave tied to the Mini Shai-Hulud, Miasma, and Hades malware family, affecting L
hendryadrian.com·22d agoShai-Hulud Supply Chain Attack Incident Response
The Shai-Hulud supply chain attack is a major incident targeting developers through malicious packages in the npm ecosystem. This post outli

TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
On May 11, 2026, the Mini Shai-Hulud worm compromised 84 npm package artifacts across 42 @tanstack/* packages (as well as @squawk/*, @mistra

Zero-day Extensive NPM Package Compromise - Shai Hulud Supply Chain Attack
A supply chain attack hit the ngx-bootstrap npm package, embedding malware to steal developer credentials. See affected versions (e.g., 20.0

Comments
Sign in to join the conversation.
No comments yet. Be the first.