5 ways to spot software supply chain attacks and stop worms - before it's too late

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...

Over 300 npm packages compromised by self-replicating worm0 0

A new piece of malware is spreading through the popular tinycolor NPM library and more than 300 other packages, some of which ...
GovInfoSecurity

Shai Hulud Burrows Into NPM Repository

An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...