
All news with #credential harvesting tag

Wed, September 17, 2025

Shai-Hulud Worm: Large npm Supply Chain Compromise

🪱 Palo Alto Networks Unit 42 is investigating an active supply chain attack in the npm ecosystem driven by a novel self-replicating worm tracked as "Shai-Hulud." The malware has compromised more than 180 packages, including high-impact libraries such as @ctrl/tinycolor, and automates credential theft, repository creation, and propagation across maintainers' packages. Unit 42 assesses with moderate confidence that an LLM assisted in authoring the malicious bash payload. Customers are protected through Cortex Cloud, Prisma Cloud, Cortex XDR and Advanced WildFire, and Unit 42 recommends immediate credential rotation, dependency audits, and enforcement of MFA.
