Thread: Shai Hulud launches second supply-chain attack

Shai Hulud launches second supply-chain attack (aikido.dev)

HN 352 pts 23 comments by birdculture Nov 24, 2025 thread

Shai-Hulud Supply-Chain Scanner (Rust) (github.com)

HN 3 pts 0 comments by ManfredMacx Sep 17, 2025 Systems / Low-Level / OS thread

Self-Replicating NPM Package Supply Chain Worm 'Shai Hulud' (aikido.dev)

HN 2 pts 0 comments by oli5679 Sep 20, 2025 thread

Shai-Hulud Strikes Again, Again. (NPM Supply Chain Attack) (socket.dev)

HN 3 pts 1 comments by pvtmert Nov 24, 2025 thread

OreNPMGuard v2.0.0 – OSS for Shai-Hulud 2.0 NPM supply chain attack

HN 1 pts 0 comments by ahsansmir Nov 24, 2025 thread

Shai-Hulud 2.0 emerged in November 2025, compromising 738 npm packages and affecting 25,000+ repositories. This is an evolution of the September 2025 attack with new attack vectors:<p>- Uses `preinstall` hooks (executes earlier than `postinstall`) - Creates malicious GitHub workflows with self-hoste...

Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets (wiz.io)

HN 2 pts 1 comments by samuel246 Nov 25, 2025 thread

Talos Secure Workstation launches on CrowdSupply, funding opens early October (crowdsupply.com)

L 9 pts 3 comments by chadski Sep 1, 2016 hardwaresecurity Security / Privacy Maker / DIY / Hardware thread

Kubernetes launches second "production readiness" retrospective survey (groups.google.com)

L 1 pts 0 comments by riking Apr 22, 2021 distributedscaling Data / Databases / Infrastructure Productivity / Career / Business thread

IKEA launches secondhand marketplace to compete with eBay (ft.com)

HN 63 pts 62 comments by thm Aug 26, 2024 thread

Bluesky launches 60 second mp4, mpeg, webm and mov video clips with safety tools (bsky.social)

HN 24 pts 0 comments by Terretta Sep 12, 2024 thread

ULA launches second Vulcan flight, encounters strap-on booster anomaly (spaceflightnow.com)

HN 1 pts 0 comments by ortusdux Oct 4, 2024 thread

Cerebras launches Qwen3-235B, achieving 1.5k tokens per second (cerebras.ai)

HN 364 pts 155 comments by mihau Jul 23, 2025 thread

Recycling or Second Use? Supply Potential and Climate Impact of EOL EV Batteries (pubs.acs.org)

HN 2 pts 0 comments by PaulHoule Aug 9, 2025 thread

Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised (socket.dev)

HN 1233 pts 1019 comments by jamesberthoty Sep 16, 2025 Security / Privacy thread

A lot of blogs on this are AI generated and such as this is developing, so just linking to a bunch of resources out there:<p>Socket:<p>- Sep 15 (First post on breach): <a href="https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" rel="nofollow">https:/&...

Live updates: Shai-hulud, the most dangerous NPM breach in history (koi.security)

HN 46 pts 3 comments by chha Sep 16, 2025 thread

Shai-Hulud: The novel self-replicating worm infecting hundreds of NPM packages (sysdig.com)

L 40 pts 4 comments by samuelkarp Sep 17, 2025 javascriptsecurity Web Development Security / Privacy Culture / Philosophy / History / Reading thread

Shai-Hulud: The novel self-replicating worm infecting NPM packages (sysdig.com)

HN 7 pts 0 comments by Bogdanp Sep 17, 2025 thread

How Replit Is Protecting You from the "Shai-Hulud" Worm (blog.replit.com)

HN 2 pts 0 comments by amrrs Sep 19, 2025 thread

Shai-Hulud, The Most Dangerous NPM Breach In History Affecting CrowdStrike and Hundreds of Popular Packages (koi.security)

L 7 pts 2 comments by laktak Sep 21, 2025 nodejssecurity Web Development Security / Privacy Culture / Philosophy / History / Reading thread

Japan Launches Second Osmotic Power Plant in Fukuoka (oilprice.com)

HN 4 pts 0 comments by PaulHoule Sep 29, 2025 thread

Shai-Hulud Returns: Over 300 NPM Packages Infected (helixguard.ai)

HN 1038 pts 775 comments by mrdosija Nov 24, 2025 thread

https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains

Shai-Hulud Returns: Over 300 NPM Packages infected via Fake Bun Runtime Within Hours (helixguard.ai)

L 64 pts 69 comments by bezdomni Nov 24, 2025 javascriptsecurity Web Development Security / Privacy thread

SHA1-Hulud – The Second Coming: Over 1k NPM Packages Compromised (koi.ai)

HN 4 pts 1 comments by amitassaraf Nov 24, 2025 thread

Shai-Hulud malware infects 500 NPM packages, leaks secrets on GitHub (bleepingcomputer.com)

HN 2 pts 1 comments by speckx Nov 24, 2025 Programming (General)Security / Privacy thread

Shai Hulud Strikes Again (aikido.dev)

L 4 pts 3 comments by UkiahSmith Nov 24, 2025 security Security / Privacy thread

Big attack on NPM – Shai-Hulud 2.0 (about.gitlab.com)

HN 2 pts 3 comments by thomasfl Nov 25, 2025 thread

SHA1-Hulud, NPM supply chain incident (snyk.io)

HN 3 pts 0 comments by tsenturk Nov 26, 2025 thread

Post-mortem of Shai-Hulud attack on November 24th, 2025 (posthog.com)

HN 99 pts 70 comments by makepanic Nov 26, 2025 thread

The Shai-Hulud 2.0 npm worm: analysis, and what you need to know (securitylabs.datadoghq.com)

HN 4 pts 2 comments by saikatsg Nov 26, 2025 thread

PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats (blog.pypi.org)

HN 3 pts 0 comments by miketheman Nov 26, 2025 thread