Security News Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry TheHackerNews Daniel Bender 31 Dec 2025 A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets and spread malware.
