TECH NEWS

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension, security researchers report.

The NPM maintainer account ‘atool’, which has access to multiple packages across the @antv namespace, and which publishes timeago.js (1.5 million weekly downloads), was compromised and used to publish malicious package versions.

The attack propagated downstream to other highly popular packages, including echarts-for-react (~1.1 million weekly downloads), “impacting a much broader set of applications and continuous integration (CI) environments,” Microsoft warned on Tuesday.

According to Socket, roughly 639 malicious versions of the compromised packages were published across “data visualization, graphing, mapping, charting, and React component ecosystems”.

“Across the full Mini Shai-Huludcampaign we have tracked 1,055 versions across 502 unique packages. The campaign spans NPM, PyPI, and Composer, with NPM representing the overwhelming majority of the activity: 1,048 NPM versions across 498 unique NPM...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

https://www.zdnet.com/a/img/resize/9fd6494a68f0fd83e6d18c98491bfc7b76bbfdcf/2023/11/07/1eead599-77e0-4877-bff5-ca101ca11758/nord-vpn-mobile.jpg?auto=webp&fit=crop&height=675&width=1200

Why I still recommend NordVPN to most people in 2026

NordVPN4 / 5Very good pros and cons * Checks all the VPN boxes of reliability, performance, and features * The NordLynx protocol has fast and secure connections worldwide, and features like specialty servers, an antivirus (offline malware scanner for PCs), and a Dark Web Monitor are welcome. * There is no split tunneling feature

https://platform.theverge.com/wp-content/uploads/sites/2/2026/05/continue-on-launcher.png?quality=90&strip=all&crop=0%2C8.1151832460733%2C100%2C83.769633507853&w=1200

Android 17 is getting its own version of Apple’s Handoff

‘Continue On’ lets you start tasks on your phone and pick them up elsewhere. by Dominic Preston May 20, 2026, 11:07 AM UTC Dominic Preston is a news editor with over a decade’s experience in journalism. He previously worked at Android Police and Tech Advisor. Google is adding

https://cdn.mos.cms.futurecdn.net/NHw52WumKtjnedPmhTHyHi-2560-80.jpg

Need a compact soundbar upgrade ahead of the World Cup? This four-star Sonos Beam (Gen 2) is now 20% off at Amazon

The World Cup is only a matter of weeks away and now is the ideal time to upgrade your home theatre setup. After all, if you can’t be there in person, you want to absorb the atmosphere somehow, right? One way to do that is with a great soundbar,

https://images.sifted.eu/wp-content/uploads/2026/05/19150033/Gab_Rooftop2-scaled.jpg?w=2048&h=1366&q=75&fit=crop&auto=compress,format

London-based Primer, which helps e-commerce merchants connect and manage multiple payment providers, raised a $100M Series C led by Sofina

Sponsor Posts Niantic Spatial: World models need real-world data — Scaniverse is the gateway to spatial services — self-serve and built for AI and robotics. Large-area 3D reconstruction from 360° cameras and precise localization, anywhere machines operate. App Spotlight: Quo for Zoho CRM — App Spotlight brings you hand-picked solutions that enhance your

Read more

Why I still recommend NordVPN to most people in 2026

Android 17 is getting its own version of Apple’s Handoff

Need a compact soundbar upgrade ahead of the World Cup? This four-star Sonos Beam (Gen 2) is now 20% off at Amazon

London-based Primer, which helps e-commerce merchants connect and manage multiple payment providers, raised a $100M Series C led by Sofina