Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
The Hacker News
Actively Exploited
Summary
A second wave of attacks, referred to as Sha1-Hulud, is compromising npm packages and affecting over 25,000 repositories. The supply chain campaign poses a significant threat because it involves credential theft, and it echoes previous attacks both in severity and in its implications for software supply chains.
Impact
npm packages
In the Wild
Yes
Timeline
Newly disclosed
Remediation
Users should audit their npm packages for vulnerabilities, implement security best practices for managing credentials, and monitor for any suspicious activity related to their repositories.