Sha1-Hulud, The Second Coming

Live Updates: Sha1-Hulud, The Second Coming — Hundreds of NPM Packages Compromised

Source: www.koi.ai/incident/…

We are tracking a major resurgence of the Shai-Hulud malware campaign, now emerging as a new variant referred to as “Sha1-Hulud: The Second Coming.” This outbreak has already surpassed the original incident, with more than 800 npm packages confirmed as trojanized and tens of thousands of GitHub repositories affected. The campaign is spreading rapidly across multiple maintainers, including the Zapier and ENS ecosystems.

The malicious packages embed credential-stealing payloads designed to capture developer tokens, leak secrets, and establish persistent footholds across repositories and developer environments.

This page will be updated continuously as the investigation progresses and additional compromised packages are identified.

Edward Kiledjian @ekiledjian