New NPM supply-chain attack compromises major ENS and crypto libraries

A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely ...
FinanceFeeds

Shai Hulud Malware Hits 400+ JavaScript Packages in Major NPM Supply-Chain Attack

Charlie Eriksen, a researcher at Aikido, identified the infected libraries and confirmed each detection manually to minimize ...
Crypto News

Massive NPM Supply-Chain Attack Targets ENS-Linked Libraries in Shai Hulud Breach

Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...
adtmag.com

The Worm That Ate JavaScript: Inside the Shai-Hulud Supply Chain Attack

The notification arrived on September 14, 2025, at 17:58 UTC. Somewhere in the sprawling npm registry—home to 2.5 million JavaScript packages that power everything from banking apps to smart ...

Google exposes BadAudio malware used in APT24 espionage campaigns

China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage ...
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.