Security News Self-propagating supply chain attack hits 187 npm packages BleepingComputer Daniel Bender Sep 16, 2025 Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the compromise of the @ctrl/tinycolor npm package, and has now expanded to CrowdStrike's npm namespace.
