


Perceptive Security
SOC/SIEM Consultancy

New Featured Zero Day Report for SHA1-Hulud npm Supply Chain Attack
Published: 25 November 2025 at 00:00:00
Alert date: 5 December 2025 at 08:03:23
Source: updates.snyk.io

On November 24th, 2025, Snyk detected a new supply chain attack, called SHA1-Hulud, impacting the npm ecosystem. It appears to be a second wave of the Shai-Hulud attack from September 2025. Over 700 packages are believed to be compromised in this active incident. Snyk has released a Featured Zero Day Report to help organizations determine whether they have been impacted. The company continues to monitor the situation through its Trust Center and will update the report as new advisories are added and projects are re-tested.
Affected products: npm
Related links:
https://updates.snyk.io/new-featured-zero-day-report-for-sh1a-halud-npm-supply-chain-attack/
https://snyk.io/blog/sha1-hulud-npm-supply-chain-incident/
https://trust.snyk.io/
https://docs.snyk.io/manage-risk/reporting/available-snyk-reports#featured-zero-day-report
This article was created with the assistance of AI technology by Perceptive.