{ads}

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

Written By Wednesday, 26 November 2025 Add Comment



November 26, 2025 at 11:38PM

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." "

from The Hacker News https://ift.tt/uwrq0ZW

0 Response to "Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads