ByteBrief

Best read upright.

We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.

(We tried widescreen once. It wasn't us.)

ByteBrief

DevVercel10 months ago

Shai-Halud Supply Chain Campaign, Expanded Impact & Vercel Response

3 min read

The Shai-Halud supply chain campaign expanded beyond the initial Qix compromise of 18 npm packages. Over 40 additional packages were attacked via the Tinycolor worm vector. The CrowdStrike namespace and DuckDB maintainer account were compromised. Vercel identified 10 customer projects impacted and blocklisted compromised versions.

Level

Hype check

Tap to vote and see what everyone thinks.

#npm #supply chain #vercel