Krebs on Security is a cybersecurity blog authored by Brian Krebs, an investigative journalist and cybersecurity expert. With a focus on cybercrime, hacking incidents, and data breaches, Krebs on Security provides  analysis, investigative reporting, and security research on emerging threats and cybersecurity trends. Developers and security professionals can learn about the latest cybersecurity threats, security best practices, and incident response strategies from Krebs' investigative reporting and expert analysis.

Krebs on Security

A self-replicating worm called Shai-Hulud has infected over 180 NPM packages, stealing developer credentials and automatically spreading to other packages. The malware uses stolen NPM tokens to modify popular packages, creates public GitHub repositories to expose stolen secrets, and briefly compromised CrowdStrike packages. Security experts warn this represents a new type of supply chain attack that can lay dormant and restart spreading, calling for mandatory human-verified 2FA for all package publications.

Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security

<p>Is this one of the worms from tremors?! 😂 very compelling image for a very harrowing outbreak. we tend to just trust our package managers, and assume that the upstream repositories are 100% secure 100% of the time</p>
