A sophisticated supply chain worm swept through the npm ecosystem on May 19, 2026, compromising at least 633 malicious package versions across hundreds of packages in under an hour, for the first time. Endor Labs first detected the campaign at 01:39 UTC when [email protected] was published, followed five minutes later by [email protected]. Both packages had been dormant for […]
The post 600+ npm Packages Hit in Mini Shai-Hulud Supply Chain Attack appeared first on Cyber Security News.