Shai-Hulud Malware Compromises 25K GitHub Repositories via npm Packages

Shai-Hulud Malware Compromises 25K GitHub Repositories via npm Packages

First seen 24 Nov 2025, 15:26 UTC TheregisterBleepingcomputerHeise.De 86% similarity 32.6

Article Content

Browse articles
ThreatCluster

The Shai-Hulud malware has re-emerged, infecting over 500 trojanized npm packages and compromising secrets from more than 25,000 developers within three days. The malicious packages, including those from popular services like Zapier and Postman, were added to the npm registry and automatically posted encoded data to GitHub. This supply-chain attack is a continuation of a campaign that first surfaced in September 2025.

ThreatCluster AI

Community

Browse all →