Shai-Hulud Archives

Malware & Threats

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

The most recent variants of the self-propagating attacks are named Miasma and Hades.

Ionut ArghireJune 9, 2026

Malware & Threats

First Shai-Hulud Worm Clones Emerge

At least one threat actor has adopted the recently released malware source code in attacks against NPM developers.

Ionut ArghireMay 18, 2026

Malware & Threats

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards.

Ionut ArghireMay 15, 2026

Supply Chain Security

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

The compromised Lightning and Intercom packages have a combined monthly download count of nearly 10 million.

Ionut ArghireMay 1, 2026

Malware & Threats

SAP NPM Packages Targeted in Supply Chain Attack

The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring.

Ionut ArghireApril 30, 2026

Supply Chain Security

Bitwarden NPM Package Hit in Supply Chain Attack

Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm.

Ionut ArghireApril 24, 2026

Malware & Threats

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch.

Ionut ArghireFebruary 24, 2026

Application Security

Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist

The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets.

Ionut ArghireDecember 31, 2025

Supply Chain Security

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories.

Ionut ArghireNovember 25, 2025

Application Security

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public.

Ionut ArghireSeptember 17, 2025

SECURITYWEEK NETWORK:

ICS:

All posts tagged "Shai-Hulud"

Malware & Threats

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Malware & Threats

First Shai-Hulud Worm Clones Emerge

Malware & Threats

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

Supply Chain Security

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Malware & Threats

SAP NPM Packages Targeted in Supply Chain Attack

Supply Chain Security

Bitwarden NPM Package Hit in Supply Chain Attack

Malware & Threats

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Application Security

Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist

Supply Chain Security

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

Application Security

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Featured

Supply Chain Security

Cybersecurity Firms Impacted by Klue Supply Chain Attack

Vulnerabilities

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

Funding/M&A

Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push

Data Breaches

Kodak Admits Data Breach After ShinyHunters Hack Claims

Vulnerabilities

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Vulnerabilities

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Hacker Conversations

Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker

Latest News

Artificial Intelligence

French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation

Malware & Threats

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

Malware & Threats

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor

Malware & Threats

FortiBleed: 86,000 Fortinet Device Credentials Compromised

Funding/M&A

Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC

Malware & Threats

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown

Vulnerabilities

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

Daily Briefing Newsletter