What is the Mini Shai-Hulud npm supply chain attack, and were Microsoft and Socket hit by malware? Full explainer on npm malware spread
A new npm supply chain attack hit hundreds of packages linked to the @antv ecosystem. Attackers used a compromised maintainer account to publish malicious versions that stole credentials and spread across repositories. Microsoft and Socket confirmed investigations and detections. The incident shows how quickly dependency attacks can spread across CI/CD, cloud services, and developer tools worldwide.