SecurityWeek

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.

Shai-Hulud 2: New version of NPM worm also attacks low-code platforms

The attackers have learned from their mistakes and have now developed a more aggressive version of the worm. It has already ...
Cryptopolitan on MSN

Alert: Over 80,000 passwords and keys files from governments, banks, and tech firms leaked online

Researchers uncover more than 80,000 leaked passwords, keys, and sensitive files exposed on popular online code formatting ...
The Hacker News

Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets

"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, ...
Security Boulevard

The Latest Shai-Hulud Malware is Faster and More Dangerous

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more ...
Cybernews

Shai-Hulud supply chain attacks back with a vengeance, impacting 28k GitHub repositories

The Shai-Hulud supply chain attack campaign, responsible for compromising hundreds of CrowdStrike’s NPM packages in September ...

AWS is building a new DNS backstop to prevent further outages

Acknowledging customer demand for stronger DNS resilience, AWS has promised to make some fundamental changes to improve ...
Security Boulevard

Shai-Hulud: The Second Coming

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...