Shai-Hulud of Pisa.
With new trailer for Dune out and new war chant it was just a matter of time...

#shaihulud #dune #pisa #art #artwork #digital #illustration #ink #SciArt

Chat how spicy am I cooking?

#dune #dunepart3 #shaihulud

Runesmith: "Purple Worms Are Too Powerful" | #TTRPG #D&D #History #Dune #ShaiHulud #Sandworms #CreatureDesign #MonsterDesign
www.youtube.com/watch?v=I3V5...

I only recognize one god. #shaihulud

JFrog entdeckt 13 Schwachstellen in GitHub-Repositorys Die gemeldeten Ergebnisse tragen dazu bei, die globale Technologie-Infrastruktur mit Milliarden von Nutzern besser vor Angriffen auf CI/CD-Workflows im Stil von „Shai-Hulud“ zu schützen. JFrog, das Li...

JFrog entdeckt 13 Schwachstellen in GitHub-Repositorys - Die gemeldeten Ergebnisse tragen dazu bei, die globale Technologie-Infrastruktur mit Milliarden von Nutzern besser vor Angriffen auf CI/CD-Workflows im Stil von „Shai-Hulud“ zu schützen.
www.all-about-security.de/jfrog-entdec...
#shaihulud

sandworm from dune digital cute drawing with a little heart

gift art for @arockbyday.bsky.social of the dune sandworm but chibi

#dune #shaihulud #art

The @socket.dev team caught super early signals of this attack campaign leading to preemptive shutdown! proud of the team and our advanced threat detection engine! 💪

Thankful for the rapid response and takedown @npmjs.bsky.social @github.com @cloudflare.social 🙏

#shaihulud #SANDWORM_MODE

Man with glasses and dark beard holding a box set containing Frank Herbert's Dune, Dune Messiah, and Children of Dune. Behind is a bookshelf full of books with Soviet antiques on top.

For those wondering which holy books I have been reading.
#Dune #FrankHerbert #ShaiHulud #Muad'Dib #Zensunni

Original post on mastodon.social

RE: https://social.troll.academy/@mushu/115937976404644181

The mono-culture that is growing from the combination of vscode/codium + nodejs + github comes with all the expected side effects. #Shaihulud was just the beginning, with below story illustrating the same vector.

Locking down all […]

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies The defense mechanisms that NPM introduced after the 'Shai-Hulud' supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies.

Hackers can bypass #npm’s #ShaiHulud defenses via #Git dependencies

www.bleepingcomputer.com/news/security/hackers-ca...

#cybersecurity

Self-hosted Github-Actions-Runner werden als Backdoor missbraucht Sysdig erläutert in einer aktuellen Analyse, wie Bedrohungsakteure self-hosted Github-Actions-Runner missbrauchen, um dauerhaften Remote-Zugriff

Self-hosted Github-Actions-Runner werden als Backdoor missbraucht

#Backdoor #CloudSicherheit #Cybersecurity #Cybersicherheit #GitHub #GithubActionsRunner #RogueRunner #ShaiHulud @Sysdig

A photo of a black and white cat's head resting against one of her human' arms. She has a black face, a white chin and chest, and very white whiskers. A cluttered desk is out of focus in the background.

Welp, guess my gaming ( @duneawakening.com ) is on hold for a while. At least she is not trying to get me eaten by #ShaiHulud this time 😂

#Cats
#Gaming
#BlessTheMaker

🛂 npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens

#npm #ShaiHulud #cybersecurity

Trust Wallet Chrome Hack Drains Funds
Read More: buff.ly/pJduGDj

#TrustWalletHack #ShaiHulud #SupplyChainAttack #BrowserExtensionRisk #CryptoTheft #SeedPhraseTheft #Web3Security

ITちゃんねる GitHub、npmへのサプライチェーン攻撃「Shai-Hulud」対応方針を発表 #ShaiHulud #ITニュース

GitHub、npmへのサプライチェーン攻撃「Shai-Hulud」対応方針を発表
#ShaiHulud #ITニュース

ファイナルフロンティア - IT関連ニュース 【 #ITニュース 】GitHub、npmへのサプライチェーン攻撃「Shai-Hulud」対応方針を発表 #ShaiHulud #CodeZine

【 #ITニュース 】GitHub、npmへのサプライチェーン攻撃「Shai-Hulud」対応方針を発表
#ShaiHulud #CodeZine

Shai-Hulud 2.0 Supply Chain Attack

~Microsoft~
Malicious npm packages execute during pre-installation to steal credentials from developer environments and CI/CD pipelines.
-
IOCs: (None identified)
-
#ShaiHulud #SupplyChain #ThreatIntel #npm

Original post on chaos.social

I still owe you a follow-up to my polls on #ShaiHulud detection (https://chaos.social/@F30/115616794610419354

Like most of you, I would have expected the malicious packages to be detected by both dependency scanners and endpoint protection.

The truth? Trivy and OWASP Dependency-Track failed […]

Aujourd'hui : "Il fait bon / beau temps pour septembre ou mars, sauf qu'on est en décembre !", on imagine passer le #PèreNoël tiré par des dromadaires (ou à dos de #ShaiHulud, plus classe !) et buvant un thé à la menthe / ti-punch. #Climat #Changement #GrandRemplacement ...

GitHub Actions injection in Nx allowed attackers to steal an NPM publishing token and publish backdoored Nx packages. Shai‑Hulud uses preinstall loaders, trufflehog for secrets, and GitHub Discussions as a C2 channel. #shaihulud #npm #supplychain https://bit.ly/3MkWmlc

If you use AWS without Vault, you should check it out to protect your crendentials!

With recent #shaihulud attack more needed than ever!

Thanks Marko for keeping this maintained!

Shai-Hulud V2 Targets NPM Supply Chain

~Zscaler~
Aggressive Shai-Hulud V2 malware targets the NPM supply chain, exfiltrating secrets to GitHub and installing persistent backdoors via Actions runners.
-
IOCs: SHA1HULUD, discussion. yaml, ~/. dev-env/
-
#NPM #ShaiHulud #ThreatIntel

screenshot of an e-mail from Enterprise Development Security Ops with subject "Temporary adjustment to NPM Registry access to Protect Against Shai-Hulud"

Bless The Maker and His water. Bless the coming and going of him.

#dune #ShaiHulud

Last Week in AppSec for 02. December 2025 - Checkmarx Last week in AppSec was busy; with Shai-Hulud 2, node-forge signature bypasses, Apache Syncope hard-coded AES key, renewed focus on libxml2 vulnerabilities, and some big patched from GitLab

#LastWeekInAppSec was a busy one! Not only did we have #ShaiHulud rear its head again, but a number of big patching efforts came up as well 🧵1/5

Get details and analysis here: buff.ly/T63yQWd

Post-mortem of Shai-Hulud attack on November 24th, 2025 - PostHog At 4:11 AM UTC on November 24th, a number of our SDKs and other packages were compromised, with a malicious self-replicating worm - Shai-Hulud 2.…

Posthog released a pretty detailed postmortem on the #shaihulud supply chain attack a few days ago. There's been a lot of good documentation and reading material on this one #infosec #posthog

posthog.com/blog/nov-24-...

Attacco supply chain npm, Shai-Hulud diffonde codice malevolo in centinaia di pacchetti

📌 Link all'articolo : www.redhotcyber.com/post/att...

#redhotcyber #news #cybersecurity #hacking #malware #npm #shaihulud #sottrazione #credenziali #token #sviluppatori

Il worm Shai-Hulud si diffonde oltre npm e attacca anche Maven

📌 Link all'articolo : www.redhotcyber.com/post/il-...

#redhotcyber #news #cybersecurity #hacking #malware #worm #shaihulud #posthog #npm #maven #javascript #sicurezzainformatica #minacceinformatiche #ecosistemidigitali

„Shai-Hulud“ - In der neuen Version ist der Wurm noch schwerer zu entdecken, erzeugt Hintertüren für Spionage und löscht unwiederbringlich die Daten der Opfer

#CloudSicherheit #Cybersecurity #Cybersicherheit #GitHub #Sha1Hulud #ShaiHulud @Sysdig #Wurm

netzpalaver.de/2025/11/27/s...

Inside the Second Wave of the Shai-Hulud npm Supply-Chain Attack Inside the 2025 Shai-Hulud npm attacks: how a worm spread through packages and how to safeguard your software supply chain

Inside the Second Wave of the Shai-Hulud npm Supply-Chain Attack

approov.io/blog/inside-...

#shaihulud #supplychain #malware #apisecurity #npm