Tag: CISA and GitHub


  • CISA and GitHub Respond to npm Supply Chain Compromise

    A massive npm supply chain compromise forced CISA and GitHub to take urgent action. A worm named Shai-Hulud spread through developer tools and infected packages, harvesting credentials and replicating itself across the JavaScript ecosystem. This breach shows how fragile open source supply chains can be.

    The Shai-Hulud Worm: Researchers found Shai-Hulud embedded in npm packages.…