From AiTM phishing to autonomous worms

A deep dive into 2025 npm attacks โ€” Insomni'hack 2026, Christophe Tafani-Dereeper
LinkedIn ยท BlueSky ยท Blog

References

๐Ÿ“ฝ
Slides
โœ…
Security Checklist
๐Ÿชฑ
Worm Variants

About this talk

Attacks on npm maintainers (2025+)

Shai-Hulud 1.0 analysis

Shai-Hulud 2.0 analysis

Shai-Hulud 3.0 analysis

Sandworm analysis

Mentioned open source projects

Weaponizing on-device LLMs

Recommendations

Insomni'hack 2026 โ€” Christophe Tafani-Dereeper