A security vulnerability named Shai Hulud (yes, the one from Dune) has been wreaking havoc in the software world, so much so that my boss told me to stop working for a few hours. So in that time I decided to do a bit of digging.
An enterprising engineer (who’s yet to be identified) injected some malware (malicious software) into a popular codebase that everyone uses. He managed to get access to this codebase through a phishing scheme (a scammy email) that asked the owner of that codebase to update his credentials. Then, like a true worm, the malware started to slither across the web and began replicating itself across all the codebases that it could find.
I’ve seen many cyberattacks in my short tenure as an engineer, but rarely do I come across one so creative and widespread. Even as I write this sentence, nearly a full day after the worm was discovered, it’s still out there, feasting on unsuspecting codebases.
But as cathartic as it is to lambast this software engineer for their lais…













