open-source-malware
Safeguard articles tagged "open-source-malware" — guides, analysis, and best practices for software supply chain and application security.
4 articles
SHA1-Hulud second-wave npm supply chain incident
Shai-Hulud's November 2025 second wave hit npm via a Bun-based worm, stealing cloud creds and re-publishing trojanized packages at scale.
PyPI typosquatting malicious packages
PyPI typosquatting tricks developers into installing malicious lookalike packages via one-letter typos. Real incidents, attack patterns, and defenses inside.
What Is Open Source Malware
Open source malware is code deliberately planted in packages to attack the systems that install it. Learn how it spreads, real incidents, and how it differs from CVEs.
Shai-Hulud self-propagating npm worm campaign
Inside Shai-Hulud, the self-propagating npm worm that hijacked publish tokens to auto-infect hundreds of packages across the JavaScript ecosystem.