GitHub Worm Hits npm Packages With 16M Downloads
5 minutes ago · News Bitcoin
A self-replicating worm that hijacks GitHub Actions pipelines to publish malicious npm packages has struck again, compromising AntV, echarts-for-react, and Microsoft’s durabletask SDK. Mini Shai-Hulud Exploits GitHub Actions to Hit 16 Milli...