The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...
A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised ...
"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, ...
Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...
Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.
North Korean actors deployed 197 new npm packages delivering evolved OtterCookie and GolangGhost malware through fake ...
PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and ...
The new version follows last month's version 0.0.1, when the project began to issue tagged releases on GitHub. The switch to ...
A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows ...
The Register on MSN
Shai-Hulud worm returns, belches secrets to 25K GitHub repos
Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days A ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback