Self-propagating worm fuels latest npm supply chain attack
- Security researchers identified a self-propagating worm compromising at least 187 npm packages on September 16, 2025, in a large-scale supply chain attack.
- The attack, named Shai-Hulud, evolved from a prior campaign affecting tinycolor and CrowdStrike-maintained packages, spreading via malicious JavaScript that steals credentials.
- The injected payload downloads and runs TruffleHog to scan hosts for cloud and GitHub tokens, then creates unauthorized GitHub workflows exfiltrating secrets to attacker-controlled servers.
- Eriksen stated that attackers "have upped their game" with this worm, which shows clear intent; npm promptly removed the compromised versions to contain the breach.
- Researchers advise auditing environments for unauthorized publishes, rotating tokens and secrets, and monitoring logs to prevent further spread and protect development pipelines.
17 Articles
CrowdStrike Infested With "Self-Replicating Worms"
A year after a glitch at cybersecurity company CrowdStrike triggered a global computer outage affecting millions of computers, the software vendor is being forced to contain a new threat: a swarm of self-replicating worms. As first reported by investigative cybersecurity journalist Brian Krebs, CrowdStrike once again became the launchpad for a potentially debilitating security hazard when some 25 code packages were compromised by a novel strand …
Self-propagating supply chain attack hits 187 npm packages
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise of the @ctrl/tinycolor npm package, and has now expanded to CrowdStrike's npm namespace.
Wormable Malware Causing Supply Chain Compromise of npm Code Packages
On September 15, 2025, reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by malware as part of a broader supply chain attack affecting over 40 packages initially, with the number rising to more than 180 according to Aikido's blog. Upon further investigation, the first malicious package that was identified as compromised in …
Coverage Details
Bias Distribution
- 67% of the sources are Center