Tag: Shai-Hulud
-
npm has reset platform tokens following a large-scale supply chain attack linked to the Shai-Hulud malware campaign. The attacks compromised hundreds of npm packages and affected software connected to modern development environments and CI/CD workflows. Security researchers warned that the campaign continues spreading through stolen credentials and automated package publishing systems. The incident has become…
-
The Shai-Hulud malware campaign has expanded again after attackers compromised more than 600 npm packages during a new large-scale software supply-chain attack. Security researchers said the malicious packages targeted developer environments, CI/CD systems, cloud credentials, and authentication secrets tied to modern software workflows. The latest campaign spread rapidly through the npm ecosystem and affected packages…
-
The Shai-Hulud malware campaign is expanding again after researchers uncovered hundreds of compromised npm and PyPI packages tied to the growing supply-chain operation. Security analysts warn that the malware targets developer credentials, CI/CD environments, GitHub tokens, and cloud infrastructure connected to major software ecosystems. The latest activity reportedly affected packages linked to TanStack, Mistral AI,…
-
Security researchers have identified a third variant of Shai-Hulud malware, confirming that the supply chain threat continues to evolve. The discovery suggests that the operators behind the campaign remain active, refining their techniques after earlier versions were exposed. Even without a large-scale outbreak, the presence of this new variant highlights persistent risks across open-source development…