#shai-hulud

[ follow ]
#supply-chain-attack #npm #maven #credential-exfiltration #npm-supply-chain #credential-theft #github-compromise
fromThe Hacker News
2 weeks ago

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." "This means the PostHog project has compromised releases in both the JavaScript/npm and Java/Maven ecosystems, driven by the same Shai Hulud v2 payload,"
Science
Information security
fromIT Pro
2 weeks ago

Shai-Hulud malware is back with a vengeance and hit more than 19,000 GitHub repositories so far - here's what developers need to know

Shai-Hulud worm infects npm packages, compromising ~700 packages and over 19,000 GitHub repositories to exfiltrate credentials, spread malicious payloads, and delete user files.
#npm
more#npm
[ Load more ]