Zapier NPM Hack Unleashes Self-Spreading Worm Attack

We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details.

Threat actors have successfully weaponized Zapier’s compromised NPM account to unleash a digital weapon that’s creating chaos across the entire open-source ecosystem.

This isn’t your typical data breach—it’s malware that evolved into something far more sinister, and the implications are staggering.

Security researchers discovered the breach when malicious code began appearing across multiple core packages simultaneously. Each infected version carries a new capability: the ability to automatically spread itself to thousands of other repositories without any human intervention whatsoever.

The attack represents a devastating escalation from the original Shai Hulud worm that (a reference to the sandworms in the Dune novels) first emerged two months ago. What makes this “Second Coming ...