Shai-Hulud round 2 on GitHub, massive leaks of data and propagation of stealer
Shai-Hulud round 2 on GitHub, massive leaks of data and propagation of stealer
about.gitlab.com
GitLab discovers widespread npm supply chain attack
Malware driving attack includes "dead man's switch" that can harm user data.
Publication croisée depuis https://programming.dev/post/41331208
"Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.
The malicious code exfiltrates the stolen information by creating a GitHub Action runner named SHA1HULUD, and a GitHub repository description Sha1-Hulud: The Second Coming.. This suggests it may be the same attacker behind the "Shai-Hulud" attack observed in September 2025.
And now, over 27,000 GitHub repositories were infected."