Shai-Hulud Worm Reloaded: A New Wave of NPM Supply Chain Attacks and How InvisiRisk Stops It
Shai-Hulud Worm Reloaded: A New Wave of NPM Supply Chain Attacks and How InvisiRisk Stops It Date of Attack: November 21-23, 2025. Impact: More than 800 NPM packages and 25,000 GitHub repositories were affected. The software supply chain has come under attack once again. Between November 21-23, the Shai-Hulud worm returned in a more aggressive […]
Shai-Hulud NPM Worm Attack: Overview and InvisiRisk Protection
Shai-Hulud NPM Worm Attack: Overview and InvisiRisk Protection A novel self-propagating malware strain dubbed the Shai-Hulud worm has recently infected hundreds of JavaScript (NPM) packages. Security researchers report that at least 187 NPM packages are known to have been compromised and the damage caused by this threat is suspected of impacting more than 500 packages […]
InvisiRisk Unveils Groundbreaking Build Security AI Agent
InvisiRisk Launches Revolutionary Build Security AI Agent for Software Supply Chain Protection InvisiRisk, Inc. is excited to announce the launch of its revolutionary Build Security AI Agent, designed to transform the security landscape of software supply chains. This innovative solution leverages advanced artificial intelligence to provide unparalleled protection for CI/CD pipelines, ensuring the integrity and […]
The Great NPM Heist – What Happened and How InvisiRisk Protects You
The Great NPM Heist: What Happened and How InvisiRisk Protects You In early September 2025 attackers orchestrated a large-scale supply chain compromise on the NPM registry. They phished several popular package maintainers to gain publishing rights, then pushed malicious updates to over 18 widely used JavaScript libraries (including chalk, debug, ansi-regex, strip-ansi, wrap-ansi, color-convert, etc.). […]