A Dangerous Worm Is Eating Its Way Through Software Packages

A fast-spreading "Shai-Hulud" worm is infecting hundreds of open source packages on NPM, a JavaScript repository. The malware compromises systems, steals NPM credentials, and corrupts more software to propagate. ReversingLabs reports over 700 affected packages, including 25 used by CrowdStrike, making it a major supply-chain attack. While the worm steals credentials, its ultimate goal is unknown, posing a substantial threat to software development ecosystems.