VulnHub

Real-time Cybersecurity News

Mini Shai-Hulud returns, compromising hundreds of npm packages

CyberScoop
Actively Exploited
Malware

Overview

A new wave of malware, dubbed Mini Shai-Hulud, is compromising hundreds of npm packages, targeting the open-source software community. This malicious software is stealing publishing tokens, which can allow attackers to take control over the affected packages. Additionally, it installs OS-level backdoors and embeds itself in developer tools and continuous integration (CI) pipelines. This incident puts many developers and organizations at risk, as it can lead to compromised software being distributed widely. Developers using npm packages need to be vigilant and ensure they are not using compromised versions to protect their projects and systems.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Hundreds of npm packages, developer tools, CI pipelines
  • Action Required: Developers should audit their npm packages, revoke any compromised tokens, and ensure they are using secure versions of packages.
  • Timeline: Newly disclosed

Original Article Summary

Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer tools and CI pipelines. The post Mini Shai-Hulud returns, compromising hundreds of npm packages appeared first on CyberScoop.

Impact

Hundreds of npm packages, developer tools, CI pipelines

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Developers should audit their npm packages, revoke any compromised tokens, and ensure they are using secure versions of packages. Regularly updating dependencies and monitoring for unusual activity in CI pipelines is also recommended.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches

CyberScoop

A recent report from Verizon revealed a significant rise in the number of security breaches caused by exploited vulnerabilities last year. Many organizations are failing to address these critical defects, leaving their systems open to attacks. The report emphasizes that these vulnerabilities have become the primary entry point for cybercriminals, meaning that companies need to prioritize patching and updates to protect their systems. This trend points to a concerning oversight in cybersecurity practices across various industries, where outdated software and unaddressed vulnerabilities can lead to severe data breaches and financial loss. As attackers continue to exploit these weaknesses, the urgency for organizations to strengthen their security measures has never been greater.

May 19, 2026

Discord rolls out end-to-end encryption on voice, video calls

BleepingComputer

Discord has implemented end-to-end encryption (E2EE) for all voice and video calls on its platform, ensuring that communications are secure by default. This means that only the participants in a call can access the audio and video data, protecting users from potential eavesdropping. This move is particularly significant as the platform has grown in popularity for gaming and community interaction, making privacy a key concern for its users. By adopting E2EE, Discord aims to enhance user trust and protect sensitive conversations from unauthorized access. This change is now live for all users, emphasizing the importance of secure communication in online interactions.

May 19, 2026

CISA Exposes Secrets, Credentials in 'Private' Repo

darkreading

The Cybersecurity and Infrastructure Security Agency (CISA) has come under scrutiny after its GitHub repository, humorously titled 'Private-CISA', was made publicly accessible in November 2025. This repository contained sensitive information, including secrets and credentials that should have remained confidential. The irony of the repository's name has drawn attention, as it raises questions about the agency's security practices. This incident is concerning as it could potentially expose various systems to unauthorized access, increasing the risk of cyberattacks. The exposure of such sensitive data not only affects CISA's credibility but also impacts the security posture of the organizations relying on its guidance.

May 19, 2026

FBI: Americans lost over $388 million to scams using crypto ATMs in 2025

BleepingComputer

In 2025, the FBI reported that Americans lost over $388 million to scams involving cryptocurrency ATMs, also known as crypto kiosks or Bitcoin ATMs. These scams typically involve fraudsters tricking victims into sending money to them through these machines, often under the guise of legitimate transactions. The rise in these scams highlights a growing concern as more people turn to cryptocurrency for transactions. The FBI's warning emphasizes the need for users to be cautious and verify any transaction before proceeding, especially given the irreversible nature of cryptocurrency transactions. This situation not only affects individual victims but also raises questions about the security measures in place at these ATMs and the responsibility of operators to protect users.

May 19, 2026

Universal Robots patches critical 9.8 flaw in ‘cobots’ OS

SCM feed for Latest

Universal Robots has addressed a serious security vulnerability in its collaborative robots, or 'cobots,' which could allow attackers to take control of production systems from a distance. The flaw has been rated 9.8 on the CVSS scale, indicating its severity and potential impact on operations. Companies using these cobots need to ensure they apply the latest patches to protect their systems. If left unaddressed, this vulnerability could disrupt manufacturing processes and lead to significant financial losses. Users should stay informed about updates to minimize risks associated with this flaw.

May 19, 2026

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation

SecurityWeek

Drupal has announced a highly critical vulnerability that poses a significant risk of exploitation in the near future. The organization warns that attackers could develop an exploit for this vulnerability within hours or days, putting numerous sites at risk. This issue affects users of Drupal, a popular content management system used by many websites globally. The urgency of the situation stems from the potential for rapid attacks, which could compromise site security and user data. As a result, Drupal is working on a patch to address the vulnerability, emphasizing the need for users to stay vigilant and apply updates as soon as they become available.

May 19, 2026