Sha1-Hulud: The Second Coming of The New npm GitHub Worm

Sha1-Hulud is back with a new evolution of its supply-chain attack that targets development environments via Node Package Manager (npm). npm is a very popular package manager for Node.js that gives JavaScript developers access to millions of predeveloped code packages. This campaign trojanizes unsecured npm packages with malicious code that is automatically executed when developers using that package update to the trojanized version.

Defining and Defending Against a Zero Day Attack

Unexpected attacks are the hardest to fend off. In the realm of cyber, Zero Day vulnerabilities are among the greatest risks, as these software flaws are unknown and exploited before a fix is available, potentially compromising the thousands of organizations that are unwittingly using vulnerable software.