
Shai-Hulud Campaign Abuses node-gyp Rebuild to Execute Credential-Stealing npm Payloads
JFrog Security Research has discovered a new wave of the Shai-Hulud malware campaign targeting the npm ecosystem. This latest attack compromises 20 packages in the Leo/RStreams framework, an AWS-native event streaming platform widely used in cloud infrastructure. Generating roughly 45,000 downloads in the past month, these malicious packages aim to steal highly sensitive developer credentials. […]
The post Shai-Hulud Campaign Abuses node-gyp Rebuild to Execute Credential-Stealing npm Payloads appeared first on Cyber Security News.