Skip to content
The Nexus
Storyline10 outlets41 articlesFirst May 11 · 21:08 UTCLatest Jun 5 · 18:05 UTC

Shai-Hulud NPM Supply Chain Attack Campaign

Threat actors have launched a coordinated supply chain attack campaign called Shai-Hulud targeting NPM packages, compromising over 600 malicious packages across multiple ecosystems including TanStack and AntV, and leveraging compromised maintainer accounts to distribute malware to developers. The campaign also enabled secondary attacks, including a breach of GitHub's internal repositories through a compromised Nx Console VS Code extension.

This is a long-running storyline that has developed over 25 days. The homepage highlights its most recent activity, so the outlet count there reflects the latest wave. The totals above cover the full run.

Forward this
Key entities
Shai-Hulud (threat actor)NPM (Node Package Manager)TanStackAntV ecosystemGitHub
Volume · 26 days · 41 articlesPeak: 6 on 2026-05-19
2026-05-112026-06-05
Articles in this storyline

2026-06-05

1 article · 1 outlet
The Hacker News

2026-06-04

1 article · 1 outlet
Bleeping Computer

2026-05-25

1 article · 1 outlet
The Hacker News

2026-05-21

2 articles · 2 outlets
WiredBleeping Computer

2026-05-15

2 articles · 2 outlets
Bleeping ComputerThe Register

2026-05-14

3 articles · 3 outlets
Recorded Future NewsBleeping ComputerThe Hacker News

2026-05-12

3 articles · 3 outlets
The RegisterBleeping ComputerThe Hacker News

2026-05-11

1 article · 1 outlet
Hacker News
Shai-Hulud NPM Supply Chain Attack Campaign. Grid · The Nexus