Security Alert npm Supply Chain Attacks Weaponize Shai Hulud and Miasma Worms
0 views
Skip to first unread message
Eyal Estrin
Jun 5, 2026, 2:45:54 AM (2 days ago) Jun 5
to
IronWorm Shai-Hulud's rustier cousin
https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/
Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp
https://www.endorlabs.com/learn/malicious-payload-in-ai-sdk-ollama-npm-package
Miasma npm Supply Chain Attack Self-Spreading Worm via Phantom Gyp
https://www.stepsecurity.io/blog/binding-gyp-npm-supply-chain-attack-spreads-like-worm
IronWorm Supply Chain Malware Hits npm
https://www.ox.security/blog/ironworm-supply-chain-malware-hits-npm/
New IronWorm malware hits 36 packages in npm supply-chain attack
https://www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/
https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/
Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp
https://www.endorlabs.com/learn/malicious-payload-in-ai-sdk-ollama-npm-package
Miasma npm Supply Chain Attack Self-Spreading Worm via Phantom Gyp
https://www.stepsecurity.io/blog/binding-gyp-npm-supply-chain-attack-spreads-like-worm
IronWorm Supply Chain Malware Hits npm
https://www.ox.security/blog/ironworm-supply-chain-malware-hits-npm/
New IronWorm malware hits 36 packages in npm supply-chain attack
https://www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/
Eyal Estrin
Author | Cloud Architect | AWS • Azure • GCP Insights
Social: @eyalestrin
Connect: https://linktr.ee/eyalestrin Blog: https://security-24-7.com
Author | Cloud Architect | AWS • Azure • GCP Insights
Social: @eyalestrin
Connect: https://linktr.ee/eyalestrin Blog: https://security-24-7.com
Reply all
Reply to author
Forward
0 new messages