Robuta

https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24/
Shai-Hulud Returns: Over 1K NPM Packages and 27K+ Github Repos infected via Fake Bun Runtime Within...
Over 1,000 NPM packages were infected using the same method as the previous attack, infecting with a fake Bun runtime. The attacker leveraged the `preinstall`...

https://www.ox.security/blog/shai-hulud-bitwarden-cli-supply-chain-attack/
Bitwarden CLI Compromised: Inside the Shai-Hulud Supply Chain Attack

https://unit42.paloaltonetworks.com/npm-supply-chain-attack/
"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26)
Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and...

https://circl.lu/pub/tr-97/
CIRCL » TR-97 - Supply Chain Compromise Propagating Through the npm Ecosystem (Shai-Hulud)

https://www.csoonline.com/article/4123250/shai-hulud-co-the-supply-chain-as-the-achilles-heel.html
Shai-Hulud & Co.: The supply chain as Achilles' heel | CSO Online
Feb 3, 2026 - Not only because of Shai-Hulud, but also due to AI, the threat situation in the software supply chain is coming to a head. Security must therefore be at the...

https://securelist.com/shai-hulud-2-0/118214/
Nothing to steal? Let’s wipe. We’re analyzing the Shai Hulud 2.0 npm worm | Securelist
Dec 4, 2025 - Kaspersky researchers uncover new version of Shai Hulud npm worm, which attacks targets in Russia, India, Brazil, China and other countries, and has wiper...

https://safedep.io/shai-hulud-second-coming-supply-chain-attack/
Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis - Real-time Open Source Software Supply...
Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals...

https://www.sonatype.com/blog/the-second-coming-of-shai-hulud-attackers-innovating-on-npm
Second Coming of Shai-Hulud: Attackers Innovating on npm | Sonatype
Apr 7, 2026 - Sha1-Hulud returns to npm with automated, self-replicating malware and pipeline persistence. Sonatype details the campaign and how to stay protected.

https://www.csoonline.com/article/4095578/new-shai-hulud-worm-spreading-through-npm-github.html
New Shai-Hulud worm spreading through npm, GitHub | CSO Online
Nov 24, 2025 - The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers.

https://www.aikido.dev/blog/shai-hulud-npm-bitwarden-cli-compromise
Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm
Apr 23, 2026 - Malware found in @bitwarden/cli v2026.4.0 steals SSH keys, cloud secrets, and AI coding tool credentials, then spreads through victims' own npm packages....

https://www.sysdig.com/blog/return-of-the-shai-hulud-worm-affects-over-25-000-github-repositories
Return of the Shai-Hulud worm affects over 25,000 GitHub repositories | Sysdig
Mar 27, 2026 - A new variant of the Shai-Hulud (Sha1-Hulud) worm is spreading through backdoored NPM packages, compromising nearly 1,000 packages and leaking credentials from...

https://securitylabs.datadoghq.com/articles/shai-hulud-2.0-npm-worm/
The Shai-Hulud 2.0 npm worm: analysis, and what you need to know | Datadog Security Labs
Learn more about the Shai-Hulud 2.0 npm worm.

https://www.aikido.dev/blog/shai-hulud-strikes-again---the-golden-path
Shai Hulud strikes again - The golden path
Mar 17, 2026 - A new strain of Shai Hulud has been observed in the wild.

https://hackaday.com/2025/12/05/this-week-in-security-react-json-formatting-and-the-return-of-shai-hulud/
This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud | Hackaday
After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you need something to shake you out of...

https://www.aikido.dev/blog/shai-hulud-2-0-unknown-wonderer-supply-chain-attack
Shai Hulud 2.0: What the Unknown Wonderer Reveals About the Attackers’ Endgame
Dec 3, 2025 - New research into the Shai Hulud 2.0 malware suggests the username UnknownWonderer1 tells us more about the attackers’ endgame.

https://sdtimes.com/security/shai-hulud-is-back-with-a-new-campaign-infecting-more-npm-packages/
Shai-Hulud is back with a new campaign infecting more npm packages - SD Times Software Development News