Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm
Malware found in @bitwarden/cli v2026.4.0 steals SSH keys, cloud secrets, and AI coding tool credentials, then spreads through victims' own npm packages. Inside: a worm calling itself "Shai-Hulud…
Read the full articleYou might also wanna read

The Holiday Whisper: Shai-Hulud 3.0
A refined variant of the Shai-Hulud malware, dubbed The Golden Path, has been discovered targeting the npm ecosystem during the holiday seas
MAL-2026-5137: Malicious code in @redhat-cloud-services/frontend-components-translations (npm)
The @redhat-cloud-services/frontend-components-translations npm package versions 4.4.1, 4.4.2, and 4.4.4 were compromised as part of the "Mi
MAL-2026-5133: Malicious code in @redhat-cloud-services/compliance-client (npm)
The @redhat-cloud-services/compliance-client npm package versions 4.0.3, 4.0.4, and 4.0.6 were compromised as part of the "Mini Shai-Hulud"
Shai-Hulud: Largest npm Supply-Chain Compromise Affecting CrowdStrike and Hundreds of Packages
We are tracking the largest and most dangerous npm supply-chain compromise in history, known as the Shai-Hulud malware campaign, which has n
Post-Mortem Analysis: How Our Company Was Compromised by the Shai-Hulud 2.0 npm Supply Chain Worm
On November 25th, one of our engineers was compromised by the Shai-Hulud npm supply chain worm. Here's what happened, how we responded, and
GitLab Identifies Large-Scale npm Supply Chain Attack with Destructive Malware
Malware driving attack includes "dead man's switch" that can harm user data.

Comments
Sign in to join the conversation.
No comments yet. Be the first.