Karma-X Blog
Subscribe via RSS
The npm Worm Era: What Shai-Hulud Started, Who's Continuing It, and How Defenders Should Adapt
The npm Worm Era: What Shai-Hulud Started, Who's Continuing It, and How Defenders Should Adapt

September 2025's self-replicating Shai-Hulud npm worm rewrote the supply-chain threat model. Six months later the playbook has been adopted by other actors (TeamPCP, April 2026). Here's the concrete tradecraft, the IOCs that actually fire, and the controls defenders need.

Read More
Supply Chain Alert: TeamPCP Compromises SAP npm Ecosystem via 'mini Shai-Hulud' Campaign
Supply Chain Alert: TeamPCP Compromises SAP npm Ecosystem via 'mini Shai-Hulud' Campaign

TeamPCP exploited a permissive npm OIDC trust policy to poison SAP's mbt and @cap-js packages, exfiltrating cloud and developer secrets to victim-owned GitHub repos. Here's the full attack chain and how to detect it.

Read More
Axios npm Package Compromised: Supply Chain Attack via Phantom Dependency Drops Cross-Platform RAT
Axios npm Package Compromised: Supply Chain Attack via Phantom Dependency Drops Cross-Platform RAT

Axios npm package compromised—attackers hijacked the maintainer’s account and injected a phantom dependency that dropped a cross-platform RAT. Here’s the full attack chain.

Read More
💬 Ask our AI Assistant Kali