GitLab discovers widespread npm supply chain attack
about.gitlab.com
Malware driving attack includes "dead man's switch" that can harm user data.

Publication croisée depuis https://programming.dev/post/41331208

"Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.

The malicious code exfiltrates the stolen information by creating a GitHub Action runner named SHA1HULUD, and a GitHub repository description Sha1-Hulud: The Second Coming… This suggests it may be the same attacker behind the “Shai-Hulud” attack observed in September 2025.

And now, over 27,000 GitHub repositories were infected."

Other source with list of compromised package available

    • corsicanguppy@lemmy.caEnglish
      11·
      7 months ago

      The same can happen for maven, crates, gomods, and other.

      Yes.

      The problem is [intricate dependencies]

      Nah. Dependencies are fine. The method of bringing those in and validating them is where the supply-chain risk accumulates. We knew better when we still had mentors.