Hackernews posts about Shai-Hulud

  1. New Shai-Hulud malware wave compromises 600 NPM packages (itnerd.blog)
    4 points by mooreds 27 days ago | 2 comments
  2. Detecting and removing dangerous secrets on dev workstations before Shai-Hulud (recyclebin.zip)
    3 points by ibobev 16 days ago | 1 comments
  3. Detecting and removing dangerous secrets on workstations before Shai-Hulud does (recyclebin.zip)
    3 points by gepeto42 27 days ago | discuss
  4. Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformati (socket.dev)
    2 points by rbanffy 9 days ago | discuss
  5. Pythagora-io/GPT-pilot Compromised – Shai-Hulud Cred Stealer Blocked by ruff (www.stepsecurity.io)
    1 points by yakkomajuri 11 days ago | discuss
  6. Malware developers added nuclear and biological weapons text to to their spyware (twitter.com)
    459 points by marc__1 10 days ago | 238 comments
  7. Show HN: AVP – an agent can't leak a secret it never had (github.com)
    3 points by radku 10 days ago | 1 comments
  8. GitHub commit Verification logic flaw and bypass
    1 points by handwritter 27 days ago | discuss
  9. Malicious PyPI Wheels Target Bioinformatics and MCP Developers (socket.dev)
    2 points by fbuilesv 12 days ago | 1 comments
  10. Red Hat Cloud Services Publish Pipeline Compromised, Shipped Malicious NPM (safedep.io)
    2 points by birdculture 20 days ago | discuss
  11. Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised (socket.dev)
    1233 points by jamesberthoty 9 months ago | 1019 comments
  12. Shai-Hulud Returns: Over 300 NPM Packages Infected (helixguard.ai)
    1038 points by mrdosija 7 months ago | 775 comments
  13. Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library (semgrep.dev)
    465 points by j12y about 2 months ago | 177 comments
  14. Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised (safedep.io)
    391 points by theanonymousone about 1 month ago | 313 comments
  15. Shai Hulud launches second supply-chain attack (www.aikido.dev)
    352 points by birdculture 7 months ago | 23 comments
  16. Shai-Hulud compromised a dev machine and raided GitHub org access: a post-mortem (trigger.dev)
    262 points by nkko 6 months ago | 184 comments
  17. Post-mortem of Shai-Hulud attack on November 24th, 2025 (posthog.com)
    99 points by makepanic 7 months ago | 70 comments
  18. Live updates: Shai-hulud, the most dangerous NPM breach in history (www.koi.security)
    46 points by chha 9 months ago | 3 comments
  19. Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
    10 points by jicea 4 months ago | discuss
  20. Mini Shai-Hulud: Bun Payloads Hit SAP NPM Packages (www.stepsecurity.io)
    9 points by likhith190 about 2 months ago | discuss
  21. Shai-Hulud-Style NPM Worm Hijacks CI Workflows and Poisons AI Toolchains (socket.dev)
    8 points by feross 4 months ago | discuss
  22. Shai-Hulud: The novel self-replicating worm infecting NPM packages (www.sysdig.com)
    7 points by Bogdanp 9 months ago | discuss
  23. Modern Developer Tools as Attack Surfaces: Lessons from Shai-Hulud (sitezwin.com)
    6 points by meel-hd 7 months ago | 2 comments
  24. Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub (www.theregister.com)
    6 points by pkaeding about 1 month ago | 1 comments
  25. Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub (www.theregister.com)
    5 points by _____k about 1 month ago | discuss
  26. Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub (www.theregister.com)
    5 points by birdculture about 1 month ago | discuss
  27. The Shai-Hulud 2.0 npm worm: analysis, and what you need to know (securitylabs.datadoghq.com)
    4 points by saikatsg 7 months ago | 2 comments
  28. Shai-Hulud: Open Sourcing the Carnage (github.com)
    4 points by lionkor about 1 month ago | discuss
  29. Mini Shai-Hulud in Intercom Package Spreads to Packagist Using Composer Plugin (semgrep.dev)
    4 points by j12y about 2 months ago | discuss
  30. Shai Hulud strikes again – The golden path (www.aikido.dev)
    4 points by gpi 6 months ago | discuss
  31. The new Shai-Hulud worm threatens to wipe your machine if you revoke its token (cybersecurityreach.org)
    3 points by Leonardm about 1 month ago | 1 comments
  32. Shai-Hulud Strikes Again, Again. (NPM Supply Chain Attack) (socket.dev)
    3 points by pvtmert 7 months ago | 1 comments
  33. Microsoft's Durabletask Package on PyPI Compromised. Mini Shai Hulud (www.aikido.dev)
    3 points by mjtk about 1 month ago | discuss
  34. PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats (blog.pypi.org)
    3 points by miketheman 7 months ago | discuss
  35. Shai-Hulud Supply-Chain Scanner (Rust) (github.com)
    3 points by ManfredMacx 9 months ago | discuss
  36. Big attack on NPM – Shai-Hulud 2.0 (about.gitlab.com)
    2 points by thomasfl 7 months ago | 3 comments
  37. Mini Shai-Hulud Is Back: NPM Worm Hits over 160 Packages, Including Mistral (www.aikido.dev)
    2 points by cebert about 1 month ago | 1 comments
  38. TanStack NPM Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack (socket.dev)
    2 points by croes about 1 month ago | 1 comments
  39. Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets (www.wiz.io)
    2 points by samuel246 7 months ago | 1 comments
  40. Shai-Hulud malware infects 500 NPM packages, leaks secrets on GitHub (www.bleepingcomputer.com)
    2 points by speckx 7 months ago | 1 comments