The NPM Worm Is Back – Threat Wire

⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️

@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev

Want to work with Ali? endingwithalicollabs@gmail.com

[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 0 – Intro
1 – Cloudflare Went Down
2 – Major Company NPM Projects Infiltrated
3 – Online Code Formatters Are Not Safe
4 – Outro

LINKS
🔗 Story 1: Cloudflare Went Down
https://x.com/dok2001/status/1990791419653484646
https://blog.cloudflare.com/18-november-2025-outage/
🔗 Story 2: Major Company NPM Projects Infiltrated
https://nx.dev/blog/s1ngularity-postmortem
https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains
https://www.aikido.dev/blog/github-actions-incident-shai-hulud-supply-chain-attack
https://x.com/adnanthekhan/status/1993147831570288690
🔗 Story 3: Online Code Formatters Are Not Safe
http://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
____________________________________________

Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.Hak5Read More