A new strain of the Shai Hulud worm is discovered by researchers, signaling the self-propagating supply chain threat ...
YouTube TV will add 10 genre-specific plans next year, starting with one dedicated to sports. The idea is to allow people to subscribe to channels or genres they watch most. If you don't want to pay ...
YouTube TV says it will begin offering cheaper, more targeted packages of programming starting early next year. YouTube TV Plans, a collection of 10 different packages, are designed to offer “more ...
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub ...
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. Approximately 640 NPM packages have been infected with a ...
Amazon researchers discovered more than 150,000 malicious packages in the NPM registry, in what they called "a defining moment in supply chain security." The packages were part of a token farming ...
Security researchers have uncovered another large-scale, coordinated attack on the npm ecosystem, using worm-like techniques to spread spam packages. Dubbed “IndonesianFoods” due to the unique naming ...
The spam campaign is likely orchestrated by an Indonesian threat actor, based on code comments and the packages’ random names. A threat actor has published tens of thousands of malicious NPM packages ...
Threat actors are finding new ways to insert invisible code or links into open source code to evade detection of software supply chain attacks. The latest example was found by researchers at ...
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...