Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed "SANDWORM_MODE," represents a (still) rare example of worm-like malware designed to spread through software supply chains rather than traditional end-user systems.

New npm worm builds on Shai-Hulud's playbook

After last year's bombshell appearance of the self-replicating "Shai-Hulud" worm on the official npm registry, the …

The post Self-spreading npm malware targets developers in new supply chain attack appeared first on Help Net Security.