Shai-Hulud round 2 on GitHub, massive leaks of data and propagation of stealer
Shai-Hulud round 2 on GitHub, massive leaks of data and propagation of stealer
about.gitlab.com
GitLab discovers widespread npm supply chain attack
Publication croisée depuis https://programming.dev/post/41331208
"Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.
The malicious code exfiltrates the stolen information by creating a GitHub Action runner named SHA1HULUD, and a GitHub repository description Sha1-Hulud: The Second Coming.. This suggests it may be the same attacker behind the "Shai-Hulud" attack observed in September 2025.
And now, over 27,000 GitHub repositories were infected."