Security Boulevard

Shai-Hulud: The Second Coming

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...

Shai-Hulud 2: New version of NPM worm also attacks low-code platforms

The attackers have learned from their mistakes and have now developed a more aggressive version of the worm. It has already ...
InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...