Threat Intelligence | Bleeping Computer
9.0 — CRITICAL
New Shai-Hulud malware wave compromises 600 npm packages
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview
A new Shai-Hulud malware wave compromised over 600 npm packages, targeting developer workstations and CI/CD environments, with the goal of stealing secrets and exfiltrating them over the Session P2P network.
⚙️ Technical Details
Affected Systems
- npm
- GitHub
- CI/CD environments
- build platforms such as GitHub Actions, GitLab CI, Jenkins, Azure DevOps, CircleCI, Vercel, Netlify
Attack Vectors
- injection of a heavily obfuscated 'index.js' payload via npm packages
- use of stolen credentials to spread to other projects
- exfiltration over the Session P2P network and GitHub API
💥 Impact Assessment
Severity: critical
Who Is at Risk
- developers who downloaded infected npm packages
- organizations with CI/CD environments using affected build platforms
🛡️ Recommended Actions
1. Developers should uninstall infected npm packages immediately and rotate all secrets within reach of the infected systems.
2. Organizations should validate their controls, detection rules, and cloud configurations to prevent similar attacks.
3. Automated pentesting tools can deliver real value in detecting network movement, but are not a substitute for manual validation.
📦 Affected Products
- @antv ecosystem libraries
- timeago.js
- size-sensor
- jest-canvas-mock
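Added example (not from the Bleeping Computer article or this summary): a lockfile check for the package names listed under Affected Products, as a first step for recommended action 1. It assumes a parsed package-lock.json object; the function names and the sample lockfile are made up for illustration, and because this page lists no affected versions, a hit only marks a package for review against the full article.

```javascript
// Names taken from the "Affected Products" list on this page. The page gives
// no version numbers, so a hit means "review this", not "confirmed malicious".
const WATCHED_NAMES = new Set(["timeago.js", "size-sensor", "jest-canvas-mock"]);
const WATCHED_SCOPES = new Set(["@antv"]);

function isWatched(name) {
  if (WATCHED_NAMES.has(name)) return true;
  return name.startsWith("@") && WATCHED_SCOPES.has(name.split("/")[0]);
}

// Lockfile v2/v3: keys of "packages" are install paths such as
// "node_modules/a/node_modules/@antv/g2"; the package name is whatever
// follows the last "node_modules/" segment.
function nameFromInstallPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Returns [{ name, version, path }] for every watched package, direct or transitive.
function findWatchedPackages(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = nameFromInstallPath(path);
      if (name && isWatched(name)) hits.push({ name, version: meta.version, path });
    }
    return hits;
  }
  // Lockfile v1: nested "dependencies" objects keyed by package name.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail.concat(name).join(" > ");
      if (isWatched(name)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, trail.concat(name));
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (v3 shape); package versions are made up.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-lib": { version: "1.3.0" },
  "node_modules/@antv/g2": { version: "0.0.0-sample" },
  "node_modules/chart-lib/node_modules/size-sensor": { version: "0.0.0-sample" },
} };
```

To check a real project, pass the result of JSON.parse on its package-lock.json to findWatchedPackages; the path field shows which dependency pulled the package in.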
This is a curated summary. The complete article is available at Bleeping Computer.
