https://www.bleepingcomputer.com/news/security/trust-wallet-links-85-million-crypto-theft-to-shai-hulud-npm-attack/
Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an
trust walletlinksmillioncryptotheft
https://www.techzine.nl/nieuws/security/572421/npm-opnieuw-getroffen-door-shai-hulud-worm-aanval/
Nov 25, 2025 - NPM opnieuw getroffen door Shai-Hulud worm. Meer dan 1000 pakketversies gecompromitteerd. Ontwikkelaars moeten credentials resetten.
shai huludnpmdoorwormaanval
https://www.bleepingcomputer.com/news/security/shai-hulud-20-npm-malware-attack-exposed-up-to-400-000-dev-secrets/
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and...
shai huludmalware attackup tonpmexposed
https://www.knostic.ai/blog/shai-hulud-2-npm-attack
Shai-Hulud 2.0 compromised 800+ npm packages with 132M downloads. Learn why this self-replicating NPM worm makes IDE-level protection essential.
shai huludinsidenpmattackwave
https://dev.to/0xkoji/security-alert-how-to-check-for-the-shai-hulud-compromise-51ln
Dec 6, 2025 - original post https://baxin.pages.dev/check-shai-hulud-compromise/ If you suspect your development... Tagged with npm, news, security, javascript.
security alerthow toshai huludcheckquot
https://unit42.paloaltonetworks.com/npm-supply-chain-attack/
Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and...
shai huludquotwormnpmecosystem
https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html
Shai-hulud 2.0 campaign features a sophisticated variant capable of stealing credentials and secrets from major cloud platforms and developer services, while...
shai huludcampaigntargetsclouddeveloper
https://www.infoworld.com/article/4095604/new-shai-hulud-worm-spreading-through-npm-github-2.html
Nov 25, 2025 - The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers.
shai huludnewwormspreadingnpm
https://thehackernews.com/2025/12/researchers-spot-modified-shai-hulud.html?ref=blog.netmanageit.com
A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets and spread malware.
shai huludresearchersspotmodifiedworm
https://www.theregister.com/2025/11/28/posthog_shaihulud/
Nov 28, 2025 - : Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm
shai huludadmitsbiggestsecurity