Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...

Shai-Hulud worm returns, belches secrets to 25K GitHub repos

Following the first Shai-Hulud attacks, which infected more than 500 packages in total, and GitHub having to scour its users' ...
Cybernews

Shai-Hulud supply chain attacks back with a vengeance, impacting 28k GitHub repositories

The Shai-Hulud supply chain attack campaign, responsible for compromising hundreds of CrowdStrike’s NPM packages in September ...
SecurityWeek

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.

Shai-Hulud 2: New version of NPM worm also attacks low-code platforms

The attackers have learned from their mistakes and have now developed a more aggressive version of the worm. It has already ...
Security Boulevard

The Latest Shai-Hulud Malware is Faster and More Dangerous

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised ...