The number of incidents targeting DevOps platforms grew 21% in 2025, but the amount of downtime jumped almost 95%, the security firm said.
Bad Actor Drops 36 Malicious Packages in npm, Targets Guardarian Users
The npm code repository is again being used by a bad actor to launch a supply chain attack that includes three dozen malicious packages that appear as Strapi CMS plugins but deliver a range of threats. Strapi is a popular open source headless Node.js content management system developers use to build, manage, and expose content […]
Second Coming of Shai-Hulud Cyberattack Ravages JavaScript Repositories
A major expansion of the self-propagating Shai-Hulud cyberattack aimed at popular node package managers (npms) used by JavaScript application developers is creating a major headache for DevSecOps teams around the globe. Based on what is being described as the “Second Coming” of Shai-Hulud, this version affects a much wider range of npms and is much […]
Chainguard Adds Curated Repository to Secure JavaScript Libraries
Chainguard launched curated JavaScript libraries built on the SLSA framework to secure software supply chains and protect against NPM malware risks.
Shai-Hulud Attacks Shake Software Supply Chain Security Confidence
Being the Dune groupie that I am, I couldn’t pass up the chance to comment on the “Shai-Hulud” NPM attacks. What a clever name for a worm attack. But as the saying goes, “the spice must flow,” so let’s have a look at what is going on here. The Backbone: What Is NPM (and Why […]





