Malicious | Crypto

On Nov. 24, security firm Aikido detected a second wave of the Shai-Hulud self-replicating npm worm, compromising 492 packages with a combined 132 million monthly downloads. The attack struck major ecosystems, including AsyncAPI, PostHog, Postman, Zapier, and ENS, exploiting the final weeks before npm’s Dec. 9 deadline to revoke legacy authentication tokens. Aikido’s triage queue […] The post Malicious worm compromises crypto domains in supply-chain attack appeared first on CryptoSlate.