The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers.
"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, ...
Approximately 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.
While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...
Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and ...
A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows ...
AI might not be transforming every job yet, but it’s having a big impact on developers.
The attackers have learned from their mistakes and have now developed a more aggressive version of the worm. It has already ...
Eric Migicovsky, founder of the Pebble smartwatch, is turning to open-source to ensure device longevity with the iconic ...
New variant executes malicious code during preinstall, significantly increasing potential exposure in build and runtime ...
One-Click Publishing Eliminates the Gap Between AI Code Generation and Live Deployment San Francisco, CA – November 26, 2025 ...
According to findings from Wiz, over 25,000 npm packages have been compromised and over 350 users have been impacted.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback