Shai-Hulud: The novel self-replicating worm infecting hundreds of NPM packages
"Once executed, this novel worm — dubbed Shai-Hulud — steals credentials, exfiltrates them, and attempts to find additional NPM packages in which to copy itself. The malicious code also attempts to leak data on GitHub by making private repositories public."