Get all your news in one place.

100's of premium titles.
One app.

Get all your news in one place.

100's of premium titles. One news app.

The Economic Times

Gandharv Walia

What is Mini Shai-Hulud npm supply chain attack, and was Microsoft and Socket hit by malware? Full explainer on npm malware spread

Microsoft NPM Socket Supply chain GitHub

What is Mini Shai-Hulud npm supply chain attack, and was Microsoft and Socket hit by malware? A new software supply chain attack has affected the npm ecosystem and raised concern across developer and security communities. The attack targeted packages linked to the @antv ecosystem and spread into downstream tools and applications. Security researchers confirmed that hundreds of malicious package versions were published in a short time window. The malware focused on credential theft and propagation through CI/CD pipelines and repositories. Microsoft Defender detected malicious activity, while Socket began investigating the compromised packages. The incident highlights risks in dependency management and automated package updates.

What is Mini Shai-Hulud npm supply chain attack, and was Microsoft and Socket hit by malware?

The Mini Shai-Hulud npm supply chain attack is a malware campaign that used compromised npm accounts to publish infected package versions. These packages spread into many applications through dependencies and CI/CD pipelines. The malware focused on stealing credentials and spreading across repositories. Microsoft confirmed detections through Microsoft Defender, and Socket confirmed investigation of the compromised packages and the large attack wave affecting the @antv ecosystem.

Microsoft confirmed it is investigating an emerging npm supply chain attack targeting antv packages. The incident involves compromised packages, credential theft, and worm-like propagation across repositories and development environments.

Sign up to read this article

Read news from 100's of titles, curated specifically for you.

Already a member? Sign in here

Top stories on inkl right now

Chinese aircraft carrier kicks off drills in western Pacific amid tense Japan ties

Chinese aircraft carrier kicks off drills in western Pacific amid tense Japan ties

China's Liaoning aircraft carrier on Tuesday kicked off training that will include live-fire drills in the western Pacific, a move poised to draw attention from Japan amid tense bilateral ties.

California police officer charged over alleged possession of child sexual abuse material

California police officer charged over alleged possession of child sexual abuse material

The officer, a 25-year-old resident of Salinas, was placed on administrative leave late last year after his department referred the allegations to an outside task force

The Independent UK

Venezuela plans to free 300 people including some whose detentions are considered politically based

Venezuela plans to free 300 people including some whose detentions are considered politically based

Venezuela’s government plans to release 300 detainees this week, some held for political reasons

The Independent UK

New York woman dies after falling into open manhole after exiting car

New York woman dies after falling into open manhole after exiting car

A 56-year-old woman died after falling into an open maintenance hole on a busy Midtown Manhattan street, New York police and utility officials said on Tuesday, as authorities investigated how the incident occurred. The woman fell into the hole after parking her SUV near Fifth Avenue and East 52nd Street…

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Firm finds LA county officials did not discriminate in response to Eaton fire

Firm finds LA county officials did not discriminate in response to Eaton fire

Altadena group pans report as ‘pages of deflection’ and cites reliance on ‘department insiders’ rather than residents

The Guardian - US

NYC Health + Hospitals says mega data breach allowed hackers to steal personal data, medical records, and fingerprints scans of around 1.8 million people

NYC Health + Hospitals says mega data breach allowed hackers to steal personal data, medical records, and fingerprints scans of around 1.8 million people

Fingerprints and palm prints can never be changed, which makes this attack that much more dangerous.

Related Stories

Top stories on inkl right now

Chinese aircraft carrier kicks off drills in western Pacific amid tense Japan ties

Chinese aircraft carrier kicks off drills in western Pacific amid tense Japan ties

China's Liaoning aircraft carrier on Tuesday kicked off training that will include live-fire drills in the western Pacific, a move poised to draw attention from Japan amid tense bilateral ties.

California police officer charged over alleged possession of child sexual abuse material

California police officer charged over alleged possession of child sexual abuse material

The officer, a 25-year-old resident of Salinas, was placed on administrative leave late last year after his department referred the allegations to an outside task force

The Independent UK

Venezuela plans to free 300 people including some whose detentions are considered politically based

Venezuela plans to free 300 people including some whose detentions are considered politically based

Venezuela’s government plans to release 300 detainees this week, some held for political reasons

The Independent UK

New York woman dies after falling into open manhole after exiting car

New York woman dies after falling into open manhole after exiting car

A 56-year-old woman died after falling into an open maintenance hole on a busy Midtown Manhattan street, New York police and utility officials said on Tuesday, as authorities investigated how the incident occurred. The woman fell into the hole after parking her SUV near Fifth Avenue and East 52nd Street…

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Firm finds LA county officials did not discriminate in response to Eaton fire

Firm finds LA county officials did not discriminate in response to Eaton fire

Altadena group pans report as ‘pages of deflection’ and cites reliance on ‘department insiders’ rather than residents

The Guardian - US

NYC Health + Hospitals says mega data breach allowed hackers to steal personal data, medical records, and fingerprints scans of around 1.8 million people

NYC Health + Hospitals says mega data breach allowed hackers to steal personal data, medical records, and fingerprints scans of around 1.8 million people

Fingerprints and palm prints can never be changed, which makes this attack that much more dangerous.

Our Picks

Bryson DeChambeau questions moon landing footage but believes in interdimensional beings ‘for sure’

The two-time major champion has questioned whether footage of the moon landings are genuine

The Guardian - US

'The Mandalorian and Grogu' clip reveals how Mando gets his Razor Crest spaceship back (video)

'Well, let’s call it an advance on the next mission.'

'You Were Merciless.' Emily Blunt On The Amazing Cut Devil Wears Prada Line She'll Never, Ever Forget

Even the quote outtakes are amazing!

Keke Palmer Refreshes Her White Button-Down Shirt With a Taylor Swift-Approved Trend

It's having a moment.

The Mandalorian and Grogu Fortnite collaboration is "a very first step" of what Jon Favreau thinks is "going to be a much larger project"

Exclusive: Jon Favreau opens up on The Mandalorian and Grogu's partnership with Epic to bring an immersive Fortnite experience to life

Monkey Business: Primate sales over social media are on the rise across the US, report reveals

Twelve different species were found for sale online with prices ranging from $250 to $6,500

The Independent UK

Fourteen days free

Download the app

One app. One membership.
100+ trusted global sources.

Download on the AppStore

Get it on Google Play