Shai-Hulud Malware Infects npm Packages, Compromising Thousands of Repositories

Shai-Hulud Malware Infects npm Packages, Compromising Thousands of Repositories

First seen 2 Dec 2025, 18:33 UTC Aikido.DevTheregisterBleepingcomputerHeise.DeHackread+28 73% similarity 28.0

Article Content

Browse articles
ThreatCluster

A new wave of the Shai-Hulud malware has compromised nearly 500 npm packages, affecting over 26,000 GitHub repositories. This self-replicating worm, which targets developers' credentials and secrets, has been linked to a significant supply chain attack that began in late November 2025. The malware has evolved from its initial version, employing improved tactics for propagation and data exfiltration.

ThreatCluster AI

Community

Browse all →