Shai-Hulud round 2 on GitHub, massive leaks of data and propagation of stealer

about.gitlab.com

Shai-Hulud round 2 on GitHub, massive leaks of data and propagation of stealer

about.gitlab.com

Pierre-Yves Lapersonne@programming.dev to

Open Source@lemmy.ml · 2 days ago

GitLab discovers widespread npm supply chain attack

about.gitlab.com

Malware driving attack includes "dead man's switch" that can harm user data.

Publication croisée depuis https://programming.dev/post/41331208

"Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.

The malicious code exfiltrates the stolen information by creating a GitHub Action runner named SHA1HULUD, and a GitHub repository description Sha1-Hulud: The Second Coming… This suggests it may be the same attacker behind the “Shai-Hulud” attack observed in September 2025.

And now, over 27,000 GitHub repositories were infected."

Other source with list of compromised package available

Chat

xyro@lemmy.ca
link
fedilink
English
arrow-up
1·
1 day ago
It’s been a busy day…

Open Source@lemmy.ml

opensource@lemmy.ml

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !opensource@lemmy.ml

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

508 users / day
2.18K users / week
4.53K users / month
10.7K users / 6 months
1 local subscriber
42.2K subscribers
1.82K Posts
23.7K Comments
Modlog