Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
Summary
A new wave of supply chain attacks, dubbed Miasma and Hades, has targeted over 100 packages on the NPM and PyPI repositories. These attacks are variants of the previously identified Shai-Hulud self-propagating attack campaign.
IFF Assessment
FOE
Supply chain attacks are a significant threat to defenders because they compromise trusted software repositories, enabling the widespread distribution of malicious code to anyone who installs the affected packages.
Defender Context
Defenders must remain vigilant against supply chain attacks, particularly those targeting popular package managers like NPM and PyPI. Implementing robust dependency scanning, code signing verification, and a strong software bill of materials (SBOM) strategy is crucial to mitigate the risks associated with compromised third-party code.
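As an added illustration of the dependency-scanning step above (example code, not from the original report), the following Python checks an npm package-lock.json and a pinned requirements.txt against an advisory list of compromised package versions, and also reports npm entries that carry no integrity hash. The package names, versions, and sample lock files are constructed placeholders, since the report does not name the affected packages.

```python
import json
import re
# Constructed advisory list of (ecosystem, package, version). The report does
# not name the affected packages, so these are placeholders, not real IoCs.
COMPROMISED = {
    ("npm", "example-widget", "2.1.4"),
    ("pypi", "example-utils", "0.9.3"),
}

def npm_deps(lock_text):
    """Yield (name, version, has_integrity) from a package-lock.json v2/v3."""
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        if not path:  # the empty key is the root project, not a dependency
            continue
        # "node_modules/@scope/pkg" and nested paths both end in the name
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        yield name, meta.get("version", ""), "integrity" in meta

def pypi_deps(req_text):
    """Yield (name, version) for exact pins (name==ver) in requirements.txt."""
    for line in req_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"^([A-Za-z0-9_.-]+)\s*==\s*([^\s;]+)", line)
        if m:  # normalise the name the way PyPI does (case, '_' -> '-')
            yield m.group(1).lower().replace("_", "-"), m.group(2)

def scan(lock_text, req_text):
    """Return (hits, no_hash): known-bad pins and npm entries lacking a hash."""
    hits, no_hash = [], []
    for name, ver, has_integrity in npm_deps(lock_text):
        if ("npm", name, ver) in COMPROMISED:
            hits.append(("npm", name, ver))
        if not has_integrity:
            no_hash.append(name)
    for name, ver in pypi_deps(req_text):
        if ("pypi", name, ver) in COMPROMISED:
            hits.append(("pypi", name, ver))
    return hits, no_hash

# Constructed sample inputs standing in for a project's real lock files.
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/example-widget": {"version": "2.1.4", "integrity": "sha512-PLACEHOLDER"},
    "node_modules/left-pad": {"version": "1.3.0"}}})
SAMPLE_REQS = "requests==2.31.0\nExample_Utils==0.9.3  # pinned\nflask>=2.0\n"

if __name__ == "__main__":
    hits, no_hash = scan(SAMPLE_LOCK, SAMPLE_REQS)
    print("compromised:", hits, "| missing integrity hash:", no_hash)
```

In practice the COMPROMISED set would be loaded from the vendor advisory for this campaign, and the scan run in CI before any install step.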