NPM's Rising Malware Problem скачать в хорошем качестве

NPM's Rising Malware Problem

In this video, we break down shai-hulud npm attack, a self-propagating malware worm that spreads through compromised npm packages, abuses GitHub authentication tokens, and performs large-scale credential harvesting. We also explore how this incident fits into the larger npm supply chain landscape, where even a small slip can turn into a full-on supply chain attack npm developers rarely see coming. By looking closely at the techniques behind the shai-hulud 2.0 supply chain attack, we get a clearer picture of how an npm supply chain hack actually unfolds and why these threats are becoming increasingly sophisticated. The video ends with straightforward npm security practices you can adopt immediately to reduce your exposure. Resources: Wiz Research (The Second Coming Analysis): https://www.wiz.io/blog/shai-hulud-2-... PostHog (Detailed Post-Mortem) - https://posthog.com/blog/nov-24-shai-... Postman (Security Engineering Update) - https://blog.postman.com/engineering/... AsyncAPI ("Patient Zero" Analysis) https://www.aikido.dev/blog/shai-hulu... Zapier & ENS Domains - Wiz Research:(https://www.wiz.io/blog/shai-hulud-2-...) Socket.dev:(https://socket.dev/blog/shai-hulud-st...) Chapters: 00:00 - Intro & spoofing 00:40 - sha1 hulud - npm hacked 01:00 - how will it infect? 01:45 - What does it do inside ? 02:55 - how it avoids detection by github ? 03:22 - Most evil part about it. 03:38 - How to stay safe ? 04:10 - Conclusion #github #npm #securitybreach #hacked #dune