Skip to main content

Tag: shai hulud

11 articles

Laptop and workstation setup with a blank screen amidst a clean environment.

Shai-Hulud Malware Targets Python Packages, Exposes Developer Secrets

Hundreds of thousands of downloads of 19 popular Python packages were compromised in a massive supply-chain attack that stole developer secrets, courtesy of the Shai-Hulud malware. The malicious packages, disguised as useful bioinformatics and science tools, were actually designed to expose sensitive information.

Analyst 207
Developer workstation with laptop and terminal screens near npm package repository, indicating a software development…

Grafana Breach Exposes Missed Security Step After TanStack Attack

A single misstep in Grafana's security protocol allowed attackers to gain access to its GitHub repositories, following a supply-chain incident involving malicious TanStack packages. A missed GitHub workflow token proved to be the key that enabled the breach.

Analyst 207
Cluttered coding workspace surrounds a laptop with a blurred webpage.

Typosquatting Evolves Into Supply Chain Threat

Typosquatting has morphed into a sinister supply chain threat, with attackers now embedding malicious lookalike domains within legitimate third-party scripts to intercept sensitive data. This alarming evolution has led to devastating attacks, such as the Trust Wallet compromise, where 2,500 wallets were drained in just 48 hours.

Analyst 207
Coding environment with lines of code on screen, surrounded by notes and diagrams.

Shai-Hulud Malware Targets 600 Npm Packages in Supply-Chain Attack

In a shocking supply-chain attack, malicious Shai-Hulud malware targeted a staggering 600 npm packages, with researchers uncovering nearly 640 tainted versions across 323 unique libraries in just one hour. The assault hit popular ecosystems like @antv and spread to widely-used packages, leaving a trail of poisoned code in its wake.

Analyst 207
Developer workstation in shared office with laptop and large monitor displaying signs of GitHub Actions shared-cache…

Shai-Hulud worm infects another npm package

A copycat of the notorious Shai-Hulud worm has struck again, infecting another npm package by exploiting a GitHub Actions misconfiguration. This latest attack follows a similar pattern that recently prompted TanStack to rethink its approach to accepting outside code contributions.

Analyst 207
Blurred computer screen amidst software development environment with hint of unease.

Shai-Hulud Malware Fuels npm Infostealer Campaign

Malicious actors have unleashed a new wave of chaos with the Shai-Hulud malware, using typosquatting tactics to spread four malicious npm packages that can steal sensitive info and wreak havoc on systems. The packages, published under the account deadcode09284814, masquerade as legitimate tools, but are actually designed to siphon off credentials, cloud configs, and more.

Analyst 207
Developer workspace with laptop, terminal, and blurred background of software development area, featuring a subtle network…

TanStack Mulls Invitation-Only Pull Requests After Supply Chain Breach

The TanStack project is weighing a drastic measure to protect its code: switching to invitation-only pull requests, after a sneaky Shai-Hulud worm exploited a GitHub Actions misconfiguration to contaminate a shared cache. This supply chain breach has raised red flags about the integrity of downstream code.

Analyst 207
Software development workspace with laptop, terminal windows, coding notes, and empty coffee cups in a neutral office…

Malicious npm Packages Deliver Infostealers and DDoS Malware

Researchers uncovered malicious npm packages, including one that was essentially a clone of the notorious Shai-Hulud worm, which was uploaded with its own command-and-control server and private key, ready to steal credentials and wreak havoc. This alarming discovery highlights the growing threat of malicious packages on npm.

Analyst 207
A cluttered tech workspace with a laptop and coding materials in a neutral-colored room.

Malware Worm Targets npm, PyPi in Mass Supply-Chain Attack

A self-spreading worm, dubbed Mini Shai-Hulud, has infected over 170 packages with nearly 180 million weekly downloads, posing a massive threat to the software supply chain. This highly contagious malware has been open-sourced, making it easier for others to exploit and escalate the attack.

Analyst 207
Dimly lit development workspace with laptop and empty GitHub repositories or terminal windows.

Shai Hulud Campaign Targets Developers with Malicious npm Packages

Malicious actors have unleashed a barrage of 84 tainted versions of popular software packages, cleverly disguising them with legitimate credentials to deceive developers. The Shai Hulud campaign, linked to the TeamPCP threat group, has been wreaking havoc on the software supply chain since September.

Analyst 207
Cluttered developer workstation with laptop, notes, and coffee cups, blurred cityscape in background.

npm Ecosystem Faces Rising Threat from Sophisticated Malware Campaigns

The npm ecosystem's security has reached a critical turning point, with sophisticated malware campaigns on the rise and a new baseline of threats emerging since September 2025. Malicious actors are now exploiting developer trust, transforming nuisance attacks into high-consequence supply-chain threats.

Analyst 207