Sha1‑Hulud Second Wave — Executive Summary and Immediate Risk
What happened: A new wave of Sha1‑Hulud supply‑chain attacks trojanized hundreds of npm packages (uploaded Nov 21–23, 2025) to run malicious code during the preinstall […]
NPM packages
NPM packages Causes Havoc
Ten typosquatting npm packages were published that execute an obfuscated loader at postinstall, display a fake ASCII CAPTCHA, fingerprint victims, download a 24 MB PyInstaller-packaged […]