The second wave of the Shai-Hulud supply chain attack has compromised over 830 npm packages and a Maven Central package, affecting global developers and stealing sensitive data. This sophisticated malware campaign exploits vulnerabilities in CI workflows and trusted distribution channels to spread malicious code stealthily and broadly. #ShaiHulud #PostHog #GitHubActions #AsyncAPI #Cycode
Key points
- The attack involves a second wave targeting npm and Maven ecosystems with malicious package releases.
- Threat actors use stealthy techniques, such as the Bun runtime, to hide their malicious activities.
- Affected repositories include technologies like AsyncAPI, PostHog, and Postman, with over 28,000 repositories impacted.
- The attack exploits CI workflow vulnerabilities, particularly in workflow_run and pull_request_target triggers.
- Developers are advised to rotate tokens, audit dependencies, and strengthen CI/CD security measures.
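To make the CI/CD audit advice concrete, the following is an added example (not code from the source article or from any affected project): a heuristic scan that flags GitHub Actions workflows using the `pull_request_target` or `workflow_run` triggers and marks lines that reference fork-controlled refs. The function names, severity labels and sample workflow are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Triggers named in the key points; both run with the base repository's secrets.
RISKY_TRIGGER = re.compile(r"\b(pull_request_target|workflow_run)\b")
# Top-level `on:` key plus the indented lines under it (inline or nested form).
ON_BLOCK = re.compile(r"^['\"]?on['\"]?[ \t]*:.*(?:\n(?:[ \t].*)?)*", re.M)
# GitHub context values that carry code or text from the fork / triggering run.
UNTRUSTED_REF = re.compile(r"github\.event\.pull_request\.head\.(?:sha|ref)"
                           r"|github\.event\.workflow_run\.head_(?:sha|branch)"
                           r"|github\.head_ref")

def audit_workflow(text):
    """Heuristic text scan; returns a list of (severity, line_no, detail)."""
    text = re.sub(r"(?m)(^|[ \t])#.*$", "", text)  # drop YAML comments
    on_block = ON_BLOCK.search(text)
    triggers = sorted(set(RISKY_TRIGGER.findall(on_block.group(0)))) if on_block else []
    if not triggers:
        return []  # neither privileged trigger is configured
    findings = [("review", 0, "privileged trigger: " + ", ".join(triggers))]
    for n, line in enumerate(text.splitlines(), 1):
        m = UNTRUSTED_REF.search(line)
        if m:
            findings.append(("high", n, "untrusted input: " + m.group(0)))
    return findings

def audit_repo(root="."):
    """Scan root/.github/workflows/*.yml and *.yaml; map path -> findings."""
    files = sorted(Path(root).glob(".github/workflows/*.y*ml"))
    scanned = {str(p): audit_workflow(p.read_text(encoding="utf-8")) for p in files}
    return {p: f for p, f in scanned.items() if f}

# Constructed sample: privileged trigger plus checkout of the PR head commit.
SAMPLE_RISKY = """on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm install
"""
SAMPLE_PLAIN_PR = SAMPLE_RISKY.replace("pull_request_target", "pull_request")

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_RISKY):
        print(finding)
```

A "review" finding only means the workflow runs in a privileged context; a "high" finding on a line means that context also touches fork-controlled input and should be inspected by hand.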
Read More: https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html