Sha1-Hulud 2.0 Supply Chain Attack: 25K+ Npm Repos Exposed

Extreme TLDR:
New Shai-Hulud 2.0 attack targets npm packages, affecting 25K+ repos and stealing secrets, with ~700 compromised packages identified. Immediate investigation and remediation recommended for npm environments. Attackers exploit lifecycle scripts for credential theft, leading to widespread credential exfiltration and propagation. Security teams advised to replace compromised packages, rotate credentials, and audit CI/CD environments.

https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top