A self-propagating malware campaign is actively compromising the NPM ecosystem, and while it’s undeniably dangerous, many experts believe it’s not getting the attention it deserves. Known as Shai-Hulud, this attack has dominated headlines for the companies caught in its path, but the real story lies in what it reveals about the fragility of the modern software supply chain. The foundation of contemporary development is being shaken, and the warning signs could not be clearer.

Inside the Attack

Shai-Hulud is a self-replicating worm that moves autonomously, spreading across networks without human interaction. It compromises legitimate packages using stolen developer credentials, then exfiltrates…
Brad LaPorte
Ransomware attacks have not only increased in numbers, but they have also evolved beyond data encryption and ransoms. Today’s attackers are increasingly turning to double or even triple extortion, extracting sensitive information to increase their leverage. According to the 2025 Verizon DBIR, 90% of ransomware attacks involved data exfiltration in 2024, up from 85% in 2023 and just 10% in 2019. This evolution presents a major challenge for CISOs relying on traditional detection-based defenses.

Exfiltration Moves to Center Stage

What makes modern ransomware campaigns such a challenge for security teams is that they target more than just IT systems, which were…
Since 2020, the push for consolidating cybersecurity solutions has gained significant momentum. In 2021, Gartner highlighted vendor consolidation as one of the top security and risk trends. Their article, The Top 8 Security and Risk Trends We’re Watching, revealed that 75% of organizations were actively seeking to streamline their cybersecurity solutions by relying on fewer vendors. This trend, however, is beginning to show signs of vulnerability, and we’re witnessing the cracks in this once-promising approach. Perhaps the biggest crack of all was the CrowdStrike outage, which disrupted 8.5 million Windows devices and spotlighted the significant risks tied to relying on a…
Virtual Desktop Infrastructure (VDI) is white hot. Just ask Fortune Business Insights, which reports that the VDI market size will grow from $15.61 billion in 2024 to $80.82 billion by 2032, with a CAGR of 22.8%. One catalyst behind this adoption is the view that VDI is a more secure alternative to physical desktops. While this is true in many respects, companies should not lower their defenses by thinking VDI is without fault regarding security. This type of perception can lead to dangerous complacency and, ultimately, costly breaches and attacks. If your company plans to shift to a virtual environment or…
