Shai-Hulud
Coverage of Shai-Hulud in the Nexus archive.
- Sniff out stale AI override advice with this open source CLI
The CVE Lite CLI, an open-source tool endorsed by OWASP, helps developers scan dependencies to mitigate software supply chain attacks. Its recent update includes override auditing to address transitive dependency vulnerabilities, such as those seen in the node-ipc package incident and Shai-hulud attacks. The tool identifies broken overrides in projects like Cal.com, which had 11 ineffective override entries.
- Red Hat npm packages compromised to steal developer credentials
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed 'Miasma'.
- Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines
The Shai-Hulud malware campaign is spreading through software pipelines by exploiting automated systems. This campaign targets developers who trust these systems to publish software safely. The malware is a supply-chain threat.
- GitHub says internal repos exfiltrated after poisoned VS Code extension attack
GitHub was compromised due to a malicious Visual Studio Code extension, resulting in the exfiltration of internal repositories. The company is analyzing logs and monitoring for further activity. The incident has raised concerns about the security of private repositories and credentials.
- New Shai-Hulud malware wave compromises 600 npm packages
Threat actors published over 600 malicious packages to the Node Package Manager index as part of a new Shai-Hulud supply-chain campaign, compromising 600 npm packages. This campaign is a significant attack on the software supply chain. The attack was carried out earlier today.
- Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise
An npm account compromise infected 314 npm packages with malware, including popular packages such as size-sensor and echarts-for-react. The compromised account belongs to a developer based in Hangzhou, China, and the malware has been reported on GitHub. Developers who have installed compromised package versions are advised to rotate credentials and check for unauthorized repositories.
- Shai-Hulud copycat worm infects yet another npm package
A Shai-Hulud copycat worm has been found in another npm package, chalk-tempalte, which is a malicious extension of the popular JavaScript library Chalk. The poisoned package contains a clone of Shai-Hulud, which steals secrets and sends them to a remote server. Four malicious packages have been detected, with a total of 2,678 weekly downloads.
- Shai-Hulud Worm Clones Spread After Code Release
The release of Shai-Hulud source code poses a threat to software developers due to its self-replicating nature. Researchers are concerned that the worm could spread rapidly. This raises concerns about the potential impact on the software development community.
- Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware has been leaked and is being used in new attacks on the Node Package Manager index, with infected packages emerging over the weekend. This malware is fueling a new npm infostealer campaign. The attacks are targeting the npm index.
- Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Cybersecurity researchers discovered four malicious npm packages containing information-stealing malware and DDoS malware. The packages have a total of 3006 downloads. One of the packages is a clone of the Shai-Hulud worm.
- OpenAI Confirms Security Breach Linked to AI Malware Campaign
OpenAI confirmed a security breach linked to an AI malware campaign, where malware accessed internal repositories after infecting two employee devices. The breach is tied to the Shai-Hulud supply chain attack. OpenAI's internal systems were compromised as a result.
- Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
The malware crew TeamPCP has open-sourced its Shai-Hulud worm on GitHub, allowing any actor to modify and expand its reach. The worm attacks npm packages and looks for credentials for users of cloud services. Security outfit Ox has spotted the repos and believes that independent threat actors have already begun modifying it.
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
A new Shai-Hulud supply-chain campaign has compromised hundreds of packages on npm and PyPI, delivering credential-stealing malware targeting developers. The malicious packages include TanStack and Mistral. This campaign affects developers using these packages.