Thecyberexpress
Shai-Hulud Malware Infects npm Packages, Compromising Thousands of Repositories
First seen 2 Dec 2025, 18:33 UTC
•



+28
•73% similarity
•28.0
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A new wave of the Shai-Hulud malware has compromised nearly 500 npm packages, affecting over 26,000 GitHub repositories. This self-replicating worm, which targets developers' credentials and secrets, has been linked to a significant supply chain attack that began in late November 2025. The malware has evolved from its initial version, employing improved tactics for propagation and data exfiltration.
ThreatCluster AI