One of the environments that ran Shai Hulud 2.0 malware belonged to Elastic, a leading search and security company and an Entro customer. In Elastic’s public incident blog, Chief Information Security ...

Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever ...

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...

On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials ...

A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows ...

Charlie Eriksen, a researcher at Aikido, identified the infected libraries and confirmed each detection manually to minimize ...

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...

Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...