Tag: Aikido Security
Shai-Hulud Clone ‘Miasma’ Compromises 32 Red Hat npm Packages
Jeff Burt | | Aikido Security, CI/CD (Continuous Integration/Continuous Deployment), Cloud Security, credential security, GitHub Actions, leaked secrets, npm malware, Orca Security, Shai-Hulud worm, TeamPCP, WizThe threat group behind the notorious Mini Shai-Hulud worm last month put the complete source code for the malware into a GitHub repository, essentially open sourcing the threat so that other bad ...
Widespread Mini Shai-Hulud Campaign Is a Matter of Trust
Jeff Burt | | 360 Privacy, AI supply chain attacks, Aikido Security, CI/CD security, credentials, Endor Labs, npm malware, Pathlock, Sectigo, Shai-Hulud worm, TeamPCP, trust in technologyThe latest series of attacks using the notorious Shai-Hulud worm puts into sharp focus the threats facing software developers and their CI/CD pipelines, an issue that has been raised in recent months ...
‘PackageGate’ Vulnerabilities Can Let Attackers Bypass Shai-Hulud Defenses
Jeff Burt | | Aikido Security, Bun, Git dependency, github, Koi Security, microsoft, npm registry, PhantomRaven, PNPM, remote code execution, Shai-Hulud worm, supply chain attack, VLTIn the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year and compromised more than 700 packages and exposed 25,000 repositories, developers in the JavaScript world ...
Attackers Testing New Strain of Shai-Hulud on npm: Aikido
Jeff Burt | | Aikido Security, GitHub repositories, information stealing, JavaScript, leaked secrets, npm registry, Shai-Hulud wormThreat actors behind the virulent Shai-Hulud worm that wreaked havoc in open npm repositories toward the end of 2025 apparently are trying out a new strain that comes with slight modifications. Security ...
