Sign up to save your podcasts
Or
Share Episode 02 | Worms in the NPM Supply Chain: Singularity, Phished Maintainers, and Shai-Hulud
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 02 | Worms in the NPM Supply Chain: Singularity, Phished Maintainers, and Shai-Hulud
Over just a few weeks, the NPM ecosystem was hit by three major security incidents: the Singularity campaign exploiting GitHub Actions for token theft, a phishing attack on a package maintainer, and Shai-Hulud, the first worm-like malware propagation in NPM. In this episode of The Permiso Podcast, our CTO Ian Ahl, breaks down how each event unfolded, the role of stolen credentials, and what these attacks mean for developers and security teams navigating modern supply chain risks.
View all episodes
By Permiso SecurityOver just a few weeks, the NPM ecosystem was hit by three major security incidents: the Singularity campaign exploiting GitHub Actions for token theft, a phishing attack on a package maintainer, and Shai-Hulud, the first worm-like malware propagation in NPM. In this episode of The Permiso Podcast, our CTO Ian Ahl, breaks down how each event unfolded, the role of stolen credentials, and what these attacks mean for developers and security teams navigating modern supply chain risks.