VulnHub

Real-time Cybersecurity News

Leaked Shai-Hulud malware fuels new npm infostealer campaign

BleepingComputer
Actively Exploited
Malware

Overview

The recently leaked Shai-Hulud malware is being used in new attacks targeting the Node Package Manager (npm) index. Over the weekend, several infected packages appeared on npm, raising concerns among developers and users who rely on the platform for JavaScript libraries. This malware is designed to steal sensitive information, which poses a significant risk to developers and organizations that integrate third-party packages into their projects. As this situation unfolds, it is crucial for users to be vigilant and cautious about the packages they download and use. The emergence of this malware highlights the ongoing risks associated with software supply chains and the need for enhanced security measures.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Node Package Manager (npm) packages
  • Action Required: Users should audit their npm packages for any suspicious activity and avoid using unknown or unverified packages.
  • Timeline: Newly disclosed

Original Article Summary

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. [...]

Impact

Node Package Manager (npm) packages

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should audit their npm packages for any suspicious activity and avoid using unknown or unverified packages. Regularly updating dependencies and using tools to check for vulnerabilities is also recommended.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Malaysian government-linked campaign used hidden infrastructure for years

SCM feed for Latest

A long-term espionage campaign linked to the Malaysian government has been operating under the radar for years. Researchers discovered that the attackers have maintained a complex command and control infrastructure, utilizing advanced techniques to evade detection. This operation raises concerns about the potential for sensitive information to be compromised, affecting not only government entities but possibly private sector organizations as well. The stealthy nature of this campaign suggests that it could continue to pose risks to national security and data privacy if not addressed. As this situation unfolds, it’s crucial for organizations to remain vigilant and enhance their cybersecurity measures.

May 18, 2026

Microsoft Exchange Zero-Day Under Attack, No Patch Available

darkreading

A newly discovered zero-day vulnerability in Microsoft Exchange, tracked as CVE-2026-42897, poses a significant risk as it allows attackers to exploit cross-site scripting (XSS) to compromise Outlook Web Access (OWA) mailboxes. This vulnerability is reportedly under active attack, meaning that malicious actors are currently trying to exploit it in the wild. Organizations using Microsoft Exchange should be particularly vigilant, as the absence of an available patch leaves their systems exposed. Without immediate remediation, users could face unauthorized access to sensitive email communications. Companies are advised to implement security measures, such as input validation and monitoring for suspicious activity, until an official patch is released.

May 18, 2026

SHub macOS infostealer variant spoofs Apple security updates

BleepingComputer

A new variant of the SHub macOS infostealer has been discovered that tricks users into believing they need to install a security update. Using AppleScript, this malware presents a fake update message, which, when interacted with, leads to the installation of a backdoor on the user's system. This malicious software primarily targets macOS users, potentially compromising their personal information and system integrity. The ability to deceive users with a legitimate-looking update notice makes this variant particularly concerning. It underscores the need for users to be vigilant about unexpected prompts and verify updates directly from Apple's official channels.

May 18, 2026

Critical bug in F5 NGINX actively exploited

SCM feed for Latest

A serious vulnerability has been discovered in F5 NGINX, a widely used web server technology that powers about one-third of all websites globally. This vulnerability is currently being exploited by attackers, raising alarms among cybersecurity experts. The issue poses a significant risk to countless websites and web applications that rely on NGINX for handling web traffic. Organizations using NGINX should take immediate action to assess their systems and implement necessary security measures to protect against potential attacks. The urgency of this situation is underscored by the fact that the vulnerability is actively being targeted in the wild, making prompt remediation essential to prevent data breaches and other malicious activities.

May 18, 2026

Grafana confirms GitHub token breach cybercrime group claims the attack

Security Affairs

Grafana has confirmed a breach involving a compromised GitHub token that allowed attackers to access its source code. The incident came to light when the extortion group Coinbase Cartel claimed responsibility and listed Grafana on a leak site on May 15. Fortunately, Grafana Labs stated that no customer data or systems were compromised during this breach. The exposure of source code can pose risks to the security of future updates and features, as it may enable malicious actors to find and exploit vulnerabilities. Companies need to ensure robust token management practices to prevent similar incidents in the future.

May 18, 2026

Consumers face increasing online scams, as AI fuels sophisticated attacks

SCM feed for Latest

A recent report from F-Secure indicates that online scams are becoming more prevalent, with 56% of consumers experiencing scam attempts at least once a month in 2025. The rise in these scams is attributed to advances in artificial intelligence, which scammers are using to create more sophisticated and convincing attacks. This trend poses significant risks for individuals, as it increases the likelihood of falling victim to fraud. Consumers need to be vigilant and informed about the evolving tactics used by scammers to protect their personal and financial information. The report serves as a warning to both users and businesses to enhance their security measures and awareness around online scams.

May 18, 2026