Tuesday, September 16 @ 2PM EST
Join us for a research briefing with industry analyst, James Berthoty, and Upwind’s threat research team as we unpack the largest npm compromise in recent history.
On September 8, 2025, a sweeping supply chain attack compromised 18 npm packages, including widely used libraries like debug and chalk. These packages, which collectively power billions of downloads each week, were hijacked and injected with malicious code targeting cryptocurrency wallets and blockchain environments.
We’ll also dive into today’s zero-day: the Shai Hulud npm worm, a major escalation of the August Nx compromise now propagating across the npm ecosystem
In this session, we’ll break down:
- How this attack unfolded and what made it so dangerous
- Real-world impact and scope of exploitation
- What this means for the future of package security, and why runtime visibility is now mission-critical
