supplychainattack.org: Supply chain attack incident catalog

Shai-Hulud supply chain incidents

Self-replicating npm worm campaign first observed in September 2025. Steals developer and CI credentials (npm tokens, cloud keys), exfiltrates them via attacker-controlled GitHub repositories, and uses stolen npm tokens to trojanize and republish further packages.

Also tracked as: Shai Hulud, Shai-Hulud worm, Shai-Hulud 2.0, The Second Coming

4 confirmed incidents publicly associated with this group. Attribution reflects what the cited sources state; it is recorded for filtering, not asserted by this site.

  1. contained, high

    New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

    Hackers compromised 19 science-focused packages on PyPI in a Shai-Hulud supply-chain attack. The trojanized packages were collectively downloaded hundreds of thousands of times and delivered malware designed to steal developer secrets.

    Shai-Hulud, PyPI, Compromised package
  2. contained, critical

    Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools

    @bitwarden/cli@2026.4.0 was compromised on npm with a malicious preinstall hook that deployed an obfuscated credential stealer. The malware harvests developer secrets, GitHub Actions tokens, and AI tool configurations, exfiltrating encrypted data to a Checkmarx-impersonating domain.

    Shai-Hulud, TeamPCP, npm, Compromised package
  3. active, critical

    Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope

    The Shai-Hulud worm has hijacked intercom-client@7.0.4 (361,510 weekly downloads) via a compromised GitHub Actions OIDC publishing pipeline, 29 hours after compromising mbt@1.2.48 and @cap-js/sqlite@2.2.2. The worm is actively propagating through CI/CD infrastructure stolen from earlier victims, targeting multi-cloud credentials (AWS, GCP, Azure).

    Shai-Hulud, npm, Other, Compromised package, Build-system compromise, Account takeover
  4. active, high

    Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware

    A supply chain campaign dubbed "Mini Shai Hulud" targeted SAP npm packages with malicious versions containing credential-stealing malware. The campaign follows patterns similar to previous Shai-Hulud attacks.

    Mini Shai Hulud, Shai-Hulud, npm, Compromised package, Malicious commit