Science and Technology News and Videos
affecting millions of computers, the software vendor is being forced to contain a new threat: a swarm of self-replicating worms.investigative cybersecurity journalist Brian Krebs, CrowdStrike once again became the launchpad for a potentially debilitating security hazard when some 25 code packages were compromised by a novel strand of malware.
Dubbed "Shai-Hulud," the malicious software is designed to slip into developer machines through the JavaScript repository "Node Package Manager" , a widely used database of software modules and coding tools. According to Krebs, once the malware nabs credentials from an infested computer, it publishes its finds to a public file on GitHub, which includes the name "Shai-Hulud" — the mythic sandworm from Frank Herbert's 1965 sci-fi novel "Dune." What makes Shai-Hulud particularly devastating is that every time an unsuspecting developer installs an infected module from NPM, the worm searches their system for "access tokens" — a way to"This creates a cascading effect where an infected package leads to compromised maintainer credentials, which in turn infects all other packages maintained by that user,"So far, Kreb says that at least 187 NPM modules have been affected, including the 25 managed by CrowdStrike. Intriguingly, the worm is designed to assume its victim is operating a computer with a Linux or Mac operating system, and to "deliberately skip" Windows PCs."After detecting several malicious NPM packages in the public NPM registry, a third-party open source repository, we swiftly removed them and proactively rotated our keys in public registries," a CrowdStrike representative "I would think of this attack as a 'living' thing almost, like a virus," he warned. "Because it can lay dormant for a while, and if just one person is suddenly infected by accident, they could restart the spread. Especially if there’s a super-spreader attack."Subscribe to our daily newsletter to keep in touch with the subjects shaping our future. I understand and agree that registration on or use of this site constitutes agreement to its User Agreement and Privacy Policy
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Shop exclusive deals on self-care items from ABC SavingsShop self-care items
Read more »
Shop exclusive deals on self-care items from ABC SavingsShop self-care items
Read more »
CrowdStrike Ushers In The Agentic Era Of CybersecurityCrowdStrike’s Fal.Con 2025 unveiled the Agentic Security Platform, AI agents, and new partnerships to move cybersecurity defenses to proactive, intelligent resilience.
Read more »
Tesla Full Self-Driving fails at train crossings, drivers warnDavid Ingram is a tech reporter for NBC News.
Read more »
Making atoms self-magnify reveals their quantum wave functionsTrapping ultracold atoms with laser light let researchers magnify and then image the wave functions of atoms that were previously too close together to look like anything but a blob
Read more »
Roosevelt High School student detained by ICE ahead of graduation to self deport to GuatemalaSuperintendent of Roosevelt School District, Dr. Shawn Wightman, told Eyewitness News that Alvaro Velasquez's diploma and gown are still sitting in his office.
Read more »