Another wave of the Shai-Hulud campaign has hit npm, with more than 500 packages and 700+ versions affected.

Published:

24 November 2025 at 11:23:00

Alert date:

5 December 2025 at 08:03:23

Source:

socket.dev

Another wave of the Shai-Hulud campaign has targeted npm with over 500 malicious packages and 700+ versions affected. PostHog published a detailed post-mortem revealing how their GitHub Actions workflow was compromised as an initial access vector. An attacker briefly opened a pull request that modified a script executed via GitHub Actions, demonstrating sophisticated supply chain attack techniques. This represents a significant escalation in the ongoing Shai-Hulud malware campaign targeting the JavaScript ecosystem. The attack shows continued evolution in npm-based supply chain threats.

Technical details

Affected products:

npm
GitHub Actions
PostHog

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
