"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages
Source
Snyk"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packagessnyk.ioYou might also wanna read
317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A major npm supply chain attack occurred on May 19, 2026, when the npm account of maintainer "atool" was compromised. The attacker published
Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages
Microsoft identified an active supply chain attack (Mini Shai-Hulud campaign) targeting the npm package ecosystem. On May 28, 2026, a threat
Shai Hulud 2.0 Supply-Chain Attack Compromises Zapier, ENS, AsyncAPI, PostHog, and Postman
The article details a new supply-chain attack campaign dubbed 'Shai Hulud 2.0' that has compromised multiple developer tools and platforms i
aikido.dev·7mo agoShai-Hulud: Largest npm Supply-Chain Compromise Affecting CrowdStrike and Hundreds of Packages
The Shai-Hulud malware campaign represents the largest and most dangerous npm supply-chain compromise in history, affecting hundreds of pack
Post-Mortem Analysis: How Our Company Was Compromised by the Shai-Hulud 2.0 npm Supply Chain Worm
The article details a company's experience being compromised by the Shai-Hulud 2.0 npm supply chain worm on November 25th, 2025. It describe
Microsoft uncovers supply chain attack: Compromised @antv npm packages steal CI/CD credentials via Mini Shai-Hulud malware
Microsoft has identified an active supply chain attack targeting the @antv npm package ecosystem. A threat actor compromised an @antv mainta

Comments
Sign in to join the conversation.
No comments yet. Be the first.