Inside Cybersecurity

September 25, 2025

Daily News

CISA issues alert on software supply chain compromise affecting open source registry

By Jaden Beard / September 24, 2025

The Cybersecurity and Infrastructure Security Agency has issued an alert on a software supply chain compromise that has impacted a widely used open source package management ecosystem.

“CISA is releasing this Alert to provide guidance in response to a widespread software supply chain compromise involving the world’s largest JavaScript registry, npmjs.com. A self-replicating worm—publicly known as ‘Shai-Hulud’—has compromised over 500 packages,” CISA says in the Sept. 23 alert.

The “Shai-Hulud” worm gained access to the node package manager, commonly...

