{ads}

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

Written By Monday, 24 November 2025 Add Comment



November 24, 2025 at 06:33PM

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz. "The campaign introduces a new variant that executes malicious

from The Hacker News https://ift.tt/JAYwR4V

0 Response to "Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads