Shai Hulud Malware Exploits NPM Supply Chain Vulnerabilities
First seen 23 Dec 2025, 18:00 UTC
•

•70% similarity
•33.2
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
The Shai Hulud malware has been identified as a significant threat in NPM supply chain attacks, turning developers into unwitting distributors of malicious code. This malware typically executes during npm install operations, affecting developer workstations and CI/CD systems. The attack compromises the integrity of software development processes, posing risks to developers and their projects.
ThreatCluster AI