Zero-day Extensive NPM Package Compromise - Shai Hulud Supply Chain Attack
This is an ongoing incident and updates will be provided as more information is confirmed.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Tales from the fraud frontlines: The growing threat of DDoS attacks - and how to prevent them
Picture this: It’s a busy weekday afternoon and your online payment platform is humming with activity. Suddenly, everything slows down. Customers complain that transactions are failing, your website goes offline, and your team scrambles to figure out what’s happening. The culprit? A Distributed Denial of Service (DDoS) attack.
Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses
LevelBlue’s Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. LevelBlue, and its affiliated entities, do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without this integration. Based on current information, we confirm there has been no exposure or impact to us or our clients. Should new information arise that alters this assessment, we will provide an update directly.
npm Supply Chain Attack: What Happened and How to Protect Your Software
On September 8, 2025, a large-scale npm supply chain attack quickly compromised 18 popular packages (with the 18 packages representing more than 2.6 billion weekly downloads within the bioinformatics ecosystem). Attackers hijacked a maintainer’s account by impersonating npm support in a phishing campaign to upload backdoored versions of popular packages like chalk, debug, ansi-styles, and supports-color.
Advanced Domain Protection and Threat Takedown Solutions for Cybersecurity
The digital landscape has become increasingly hostile, with cybercriminals exploiting domain vulnerabilities to launch sophisticated attacks against organizations worldwide. As businesses expand their online presence, the need for robust domain protection and effective domain takedown mechanisms has never been more critical. Modern enterprises face an evolving threat landscape where malicious actors register deceptive domains to steal credentials, distribute malware, and damage brand reputation through sophisticated phishing campaigns.
Not All Cyberattacks Begin with a Phishing Attack, Hack or Exploited Vulnerability
In a day and age when cyber threats are top of mind, it may be difficult for an organization to shift gears and take its physical security precautions into consideration. This is to protect not only a firm’s physical assets but direct access to networks and information that an attacker could use at a later date for a cyberattack.
Unpacking the Recent npm Supply Chain Attack: What We Know So Far
The software supply chain has once again come under fire, with npm — the world’s largest package ecosystem — at the center of one of the most significant compromises to date. Recent findings suggest that attackers successfully hijacked a maintainer account through phishing, injecting malicious code into popular open-source packages with billions of weekly downloads.
The Great NPM Heist - September 2025
On September 8, 2025, the JavaScript ecosystem experienced what is now considered the largest supply chain attack in npm history. A sophisticated phishing campaign led to the compromise of a trusted maintainer’s account, resulting in the injection of cryptocurrency-stealing malware into 18+ foundational npm packages. These packages collectively accounted for over 2 billion weekly downloads, affecting millions of applications globally—from personal projects to enterprise-grade systems.
Link11 Reports 225% more DDoS attacks in H1 2025 with new tactics against infrastructure
The threat landscape surrounding distributed denial-of-service (DDoS) attacks intensified significantly in the first half of 2025, according to the latest Link11 European Cyber Report. Documented attacks targeting the Link11 network increased by 225% compared to the same period in 2024. The report highlights not only a marked rise in attack frequency but also a substantial escalation in their duration, intensity, and technical sophistication.
Largest npm Attack in History - Updated
(Nov 26, 2025) JFrog continues to track, provide research and document a second wave of the Shai-Hulud Software Supply Chain Attack. Following the initial campaign, threat actors have returned with more advanced tactics, compromising an additional 621 new malicious packages across leading public registries.