How-To Geek on MSN

NPM packages are infected with malware, again

Shai Hulud v2 infected 500+ npm packages (700+ versions) and spilled into Java/Maven — yikes. Compromised packages run a ...
Security Boulevard

Shai-Hulud 2.0: over 14,000 secrets exposed

On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens. GitGuardian ...
Hackaday

This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud

After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you ...
Security Boulevard

Shai-Hulud: The Second Coming

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant introduces several critical capabilities that represent a fundamental shift ...

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...

Shai-Hulud 2.0 Credential Leak Hits Zapier, PostHog and Postman — User Data At Risk

The digital landscape is once again shaking as a new iteration of a major credential leak—dubbed 'Shai-Hulud 2.0'—has ...