this post was submitted on 25 Nov 2025
3 points (71.4% liked)

Opensource

4657 readers
42 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient


founded 2 years ago
MODERATORS
pylapp@programming.dev
3
Shai-Hulud round 2 on GitHub, massive leaks of data and propagation of stealer (about.gitlab.com)
submitted 1 month ago by pylapp@programming.dev to c/opensource@programming.dev
0 comments fedilink hide all child comments
 

Publication croisée depuis https://programming.dev/post/41331208

"Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.

The malicious code exfiltrates the stolen information by creating a GitHub Action runner named SHA1HULUD, and a GitHub repository description Sha1-Hulud: The Second Coming.. This suggests it may be the same attacker behind the "Shai-Hulud" attack observed in September 2025.

And now, over 27,000 GitHub repositories were infected."

Other source with list of compromised package available

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here