GitHub Worm Hits npm Packages With 16M Downloads

github-actions-hijacked-in-dev-wiping-npm-supply-chain-attack-768x432-1.jpg

Asset Info

NID

bafkreih...4uwij2la

CreatorN/A

Registration TimeLoading...

RegistrarBitcoin News

Capture TimeLoading...

GeolocationN/A

File TypeJPEG

Source TypedigitalUpload

Details

Abstract

A self-replicating worm that hijacks GitHub Actions pipelines to publish malicious npm packages has struck again, compromising AntV, echarts-for-react, and Microsoft’s durabletask SDK. Mini Shai-Hulud Exploits GitHub Actions to Hit 16 Million Weekly Downloads The Mini Shai-Hulud campaign, attributed to the threat group Team PCP, does not work the way most supply chain attacks do […]

LicenseN/A

Used Bynews.bitcoin.com...

Mining PreferenceN/A

Integrity Proof

bafkreib...ju7aumcu