Search

theregister.com › security › 2026 › …

Top npm package backdoored to drop dirty RAT on dev machines

… Campaigns such as "Shai-Hulud" and its follow-up, "Shai-Hulud 2.0," show attackers increasingly targeting the software supply chain itself, seeding malicious packages to siphon credentials, hijack environments, or quietly maintain persistence within developer tooling. …

Mar 31, 2026 · Carly Page

theregister.com › special-features › 2026 › …

1K+ cloud environments infected via Trivy attack

… MORE CONTEXT Supply chain attacks now fuel a 'self-reinforcing' cybercrime economy A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud' Shai-Hulud worm returns, belches secrets to 25K GitHub repos Crims poison 150K+ npm packages with token-… …

Mar 24, 2026 · Jessica Lyons