Live Updates: Sha1-Hulud, The Second Coming

TLDR: Major resurgence of Shai-Hulud malware, now called “Sha1-Hulud: The Second Coming,” compromises over 800 npm packages and tens of thousands of GitHub repos. It embeds credential-stealing payloads and can delete users' home directories if unsuccessful. It exploits GitHub Actions for remote code execution, allowing attackers to run commands through victim accounts. Organizations should scan endpoints, remove affected packages, rotate credentials, and audit workflows to mitigate risks.

https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top