Tomislav Pericin
@ap0x
Followers: 2K | Following: 4K | Media: 21 | Statuses: 1K
CSA at ReversingLabs LLC. Designs file analysis platforms, engines and reverse engineering tools for fun. Something about unpacking and PE file format.
Republic of Croatia
Joined November 2008
👀 Blog with full details & more updates can be found here: https://t.co/YP35k2Mweq
#npm #OSS #SoftwareSupplyChainSecurity #Shaihulud @ap0x
reversinglabs.com
Shai-hulud 2.0 malware has spread to 795 npm packages — with a combined download count of more than 100 million.
RL's automated threat detection system is detecting a new wave of Shai-hulud #npm packages. Look out for RL's TH15502 policy violation in npm packages. The campaign affects popular @asyncapi packages with millions of downloads. Here is an example -
@ReversingLabs This new worm variant includes wiper functionality. Shai-hulud permanently destroys all data in the user's home directory, making it unrecoverable. It overwrites the free space where the deleted files used to be, ensuring that data recovery software cannot restore the files.
@ReversingLabs Just like with the first wave, automated dependency management tools (like Dependabot) are creating pull requests that are helping the worm spread.
@ReversingLabs Over 25k repositories containing environment secrets and other private information have been published on GitHub by the accounts affected by this new Shai-Hulud wave.
RL automated threat detection systems are detecting the new wave of Shai-Hulud npm packages. Look out for the TH15502 policy violation in our Spectra Assure Community. Here is an example of a compromised package: https://t.co/uitFAHk3e5 - More info to follow from @ReversingLabs
secure.software
Supply chain risk analysis for @asyncapi/[email protected]. Learn more about package security, deployment risks, vulnerabilities, popularity, versions, and more with ReversingLabs.
After detecting & mitigating multiple supply chain attacks targeting #OSS the past few weeks, RL co-founder & CSA @ap0x had a gut reaction: "Something has to change, because we can’t keep doing this every week." #npm #GitHub
reversinglabs.com
As the development community chalks up the npm worm as just another bad day, bigger questions remain about the software supply chain ecosystem.
⚠️ RL researchers have found another package compromised on day 3 of the ongoing #npm #phishing campaign. It hides the obfuscated payload in the middle of an already large index.js file.👇
secure.software
Supply chain risk analysis for @magda/[email protected]. Learn more about package security, deployment risks, vulnerabilities, popularity, versions, and more with ReversingLabs.
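An added illustration of the detection problem the post above describes (this is my own example code, not the tweet's and not ReversingLabs' tooling): a payload spliced into the middle of an already large index.js defeats a single whole-file entropy check, because the benign bulk dilutes the average, while a sliding-window entropy scan plus a check for long unbroken base64-alphabet runs still localizes the blob to its lines. The sample file, the blob (chained SHA-256 bytes, base64-encoded, decoding to nothing meaningful), the window size and the 5.4-bit threshold are all constructed assumptions for the demonstration.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Constructed sample (not a real package): 120 boring route handlers with an
# encoded blob spliced in at the middle, mimicking the hiding spot described.
_BENIGN_FN = (
    "function handler{i}(req, res) {{\n"
    "  const value = req.query.value || '';\n"
    "  res.json({{ ok: true, value: value, id: {i} }});\n"
    "}}\n"
)


def _synthetic_blob(n_bytes=1500, seed=b"constructed-example"):
    """Deterministic high-entropy bytes (chained SHA-256), base64-encoded.
    Stands in for an obfuscated payload; it is not malware and decodes to noise."""
    out, h = bytearray(), seed
    while len(out) < n_bytes:
        h = hashlib.sha256(h).digest()
        out += h
    return base64.b64encode(bytes(out[:n_bytes])).decode()


BENIGN_JS = "".join(_BENIGN_FN.format(i=i) for i in range(120))
SAMPLE_INDEX_JS = (
    "".join(_BENIGN_FN.format(i=i) for i in range(60))
    + "var _0x = '" + _synthetic_blob() + "';\n"
    + "eval(Buffer.from(_0x, 'base64').toString());\n"
    + "".join(_BENIGN_FN.format(i=i) for i in range(60, 120))
)


def shannon_entropy(s):
    """Bits per character: source code sits around 4 to 5, base64 of random bytes near 6."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def _line_of(text, offset):
    return text.count("\n", 0, offset) + 1


def scan_windows(text, window=512, step=256, threshold=5.4):
    """Entropy over sliding windows. Returns (line, entropy) for every window at or
    above the threshold. A blob buried in a large file still lights up its own
    windows even though the file-wide average stays below the threshold."""
    hits = []
    for off in range(0, max(1, len(text) - window + 1), step):
        e = shannon_entropy(text[off:off + window])
        if e >= threshold:
            hits.append((_line_of(text, off), round(e, 2)))
    return hits


# Unbroken runs of 200+ base64-alphabet characters: a cheap second signal that
# does not depend on tuning an entropy threshold.
_LONG_TOKEN = re.compile(r"[A-Za-z0-9+/=]{200,}")


def long_encoded_strings(text):
    """(line, run length) for each long unbroken base64-alphabet run."""
    return [(_line_of(text, m.start()), m.end() - m.start())
            for m in _LONG_TOKEN.finditer(text)]


def suspicious_lines(text):
    """Union of both signals as sorted line numbers to hand to a reviewer."""
    lines = {ln for ln, _ in scan_windows(text)}
    lines |= {ln for ln, _ in long_encoded_strings(text)}
    return sorted(lines)


if __name__ == "__main__":
    print("whole-file entropy:", round(shannon_entropy(SAMPLE_INDEX_JS), 2))
    print("window hits:", scan_windows(SAMPLE_INDEX_JS))
    print("long tokens:", long_encoded_strings(SAMPLE_INDEX_JS))
    print("review lines:", suspicious_lines(SAMPLE_INDEX_JS))
```

Run it against a real package by reading index.js into `text`; the file-wide entropy prints below the threshold while the window scan and the long-token check both point at the spliced line. The threshold is deliberately conservative so templated code does not trip it; minified bundles with embedded data URIs will, and need an allowlist or a per-package baseline.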
⚠️🧵 RL researchers have detected a supply chain attack in an #npm package with a total download count of over 2 million: https://t.co/emdTgwf0Ig
#OSS #Dev
secure.software
Supply chain risk analysis for [email protected]. Learn more about package security, deployment risks, vulnerabilities, popularity, versions, and more with ReversingLabs.
It's been a busy day for us! ⚠️🧵 RL's automated detection system flagged a new malicious #PyPI package: https://t.co/Jypl3CU9Eb While the name would suggest this is a ChatGPT related project, it actually contains a #malware loader.
⚠️🧵 RL researchers have detected a supply chain attack in a #VSCode extension that has nearly 6000 installs:
secure.software
Supply chain risk analysis for ETHcode. Learn more about package security, deployment risks, vulnerabilities, popularity, versions, and more with ReversingLabs.
⚠️ 🧵 RL researchers have identified yet another #npm package that uses malicious patching of local software to hijack #cryptocurrency transfers. Get the full story.👇
reversinglabs.com
RL researchers have identified yet another npm package that uses malicious patching of local software to hijack cryptocurrency transfers.
⚠️🧵 For the first time, RL researchers discovered malicious locally-installed #npm packages infecting other legitimate packages. This approach reveals a high level of sophistication on the threat actor’s part:
reversinglabs.com
For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.
⚠️🧵 RL researchers have found 2 malicious #VSCode extensions, "ahban.shiba" & "ahban.cychelloworld," that deliver #ransomware in development to its users.
⚠️🧵 RL researchers detected a new malicious campaign targeting #PyPI users. Several packages are pretending to be "time" related utilities, but are actually used to steal sensitive data like cloud tokens.
Report: Epidemic of Flaws in Commercial and Open Source Code Fuels Attacks @ReversingLabs #OSS #softwaresupplychain #cybersecurity #appsec #report
https://t.co/C1t2riWmhE via @securityledger
⚠️ #ML devs, take note: RL threat researchers have identified nullifAI, a novel attack technique used on ML models hosted on #HuggingFace.
reversinglabs.com
Developers working on machine learning take note: RL threat researchers have identified nullifAI, a novel attack technique used on Hugging Face.
The @ReversingLabs #ThreatResearch team discovered #nullifAI, a novel attack technique used on an #ML model hosted on #HuggingFace. Get the details here:
reversinglabs.com
Developers working on machine learning take note: RL threat researchers have identified nullifAI, a novel attack technique used on Hugging Face.
⚡ Witnessing a landmark year in 2024, RL Spectra Assure achieved a customer growth of more than 150%, & we flagged over 5Bn unique malicious files. #Cybersecurity #Malware #SoftwareSupplyChainSecurity