VulnHub

Real-time Cybersecurity News

Back to all threats

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

The Hacker News
Actively Exploited

Summary

A second wave of attacks, referred to as Sha1-Hulud, is compromising npm packages and affecting over 25,000 repositories. This supply chain campaign poses a significant threat as it involves credential theft, echoing previous attacks in severity and implications for software supply chains.

Original Article Summary

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz. "The campaign introduces a new variant that executes malicious

Impact

npm packages

In the Wild

Yes

Timeline

Newly disclosed

Remediation

Users should audit their npm packages for vulnerabilities, implement security best practices for managing credentials, and monitor for any suspicious activity related to their repositories.

Read Original Article

Related Coverage

Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

The article discusses a dual campaign targeting GlobalProtect portals and SonicWall APIs, highlighting a critical XXE vulnerability found in Apache software. This vulnerability poses a significant risk, necessitating immediate attention from affected organizations to mitigate potential exploitation.

Dec 7, 2025

Portugal updates cybercrime law to exempt security researchers

BleepingComputer

Portugal has updated its cybercrime law to provide a legal safe harbor for security researchers engaged in good-faith hacking, thereby allowing them to operate without fear of prosecution under specific conditions. This change aims to encourage responsible security research and enhance overall cybersecurity in the country.

Dec 7, 2025

Week in review: React, Node.js flaw patched, ransomware intrusion exposes espionage foothold

Help Net Security

The article highlights recent developments in cybersecurity, including a patched flaw in React and Node.js, as well as a ransomware intrusion that has revealed an espionage foothold. These incidents underscore the ongoing challenges in securing software frameworks and the risks posed by cyber threats to sensitive information.

Dec 7, 2025

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

Security Affairs

A hacking campaign has been targeting GlobalProtect logins and scanning SonicWall APIs since December 2, 2025. The attack is significant due to its scale, involving over 7,000 IP addresses linked to a German hosting provider, indicating a coordinated effort that poses a serious threat to the security of affected systems.

Dec 6, 2025

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

The Hacker News

Over 30 security vulnerabilities have been identified in AI-powered Integrated Development Environments (IDEs), collectively termed IDEsaster. These vulnerabilities combine prompt injection techniques with legitimate features, allowing for potential data exfiltration and remote code execution, posing significant risks to developers and organizations using these tools.

Dec 6, 2025

Your smart home is at risk - 6 ways to protect your devices from attack

Latest news

This article discusses the cybersecurity risks associated with smart home devices and emphasizes the importance of minimizing entry points to enhance security. It highlights the growing concern over vulnerabilities in smart home technology and the potential for unauthorized access and attacks.

Dec 6, 2025