Bleepingcomputer
Shai-Hulud Malware Compromises 25K GitHub Repositories via npm Packages
First seen 24 Nov 2025, 15:26 UTC
•

•86% similarity
•32.6
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
The Shai-Hulud malware has re-emerged, infecting over 500 trojanized npm packages and compromising secrets from more than 25,000 developers within three days. The malicious packages, including those from popular services like Zapier and Postman, were added to the npm registry and automatically posted encoded data to GitHub. This supply-chain attack is a continuation of a campaign that first surfaced in September 2025.
ThreatCluster AI