Dec 10, 2025 · 12 min read · 1. Setting the Stage: A New Breed of Supply Chain Attack The Shai-Hulud campaign represents a critical evolution in supply chain threats, moving beyond isolated package compromise to a self-propagating contagion targeting the core of modern developme...
Join discussion
Nov 30, 2025 · 5 min read · "Authorized 'hacking back' will enable previously unrealized asymmetries for the cyber adversary." - The Art of Cyber War In this week's Seclog, the cybersecurity landscape reveals a persistent focus on supply chain vulnerabilities, with multiple re...
Join discussion
Nov 25, 2025 · 6 min read · If you think your npm install is safe because you haven't typed it in a while, think again. We are currently witnessing the "Second Coming" of the Sha1-Hulud malware campaign. It’s not just another script-kiddie virus; it is a sophisticated, self-rep...
Join discussion
Sep 18, 2025 · 14 min read · 1. Introduction: The Attack of the Code Worm Imagine building a project with a set of Lego bricks, but one of the bricks is secretly malicious. Not only is it a bad piece, but it also has the ability to copy itself and sneak into all the other Lego s...
Join discussion
Sep 18, 2025 · 3 min read · The Attack That Targeted the Supply Chain The npm ecosystem faced what security researchers call a watershed moment in September 2025 when a self-replicating worm, dubbed "Shai-Hulud," compromised over 500 packages. Named after the massive sandworms ...
Join discussion