
Shai-Hulud-Like Worm Targets AI Tools Through npm Packages
Tags: Cybersecurity, Malware, Supply Chain, npm, AI, Open Source, Developer Tools, Software Dependencies
Security researchers identified a supply chain worm that resembles the Shai-Hulud malware, spreads through malicious npm packages, and targets AI tools. The attack vector is the npm ecosystem, through which developer environments are compromised; no specific technical details, affected versions, or CVE IDs were disclosed. The worm’s primary objective appears to be propagation through software dependencies, but the exact impact on systems or data remains unspecified. The report provided no dates, victim counts, or attribution details. The discovery highlights risks in open-source package repositories and AI development workflows.