this post was submitted on 25 Nov 2025
9 points (90.9% liked)

Cross-posted from https://programming.dev/post/41331208

"Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables.

The malicious code exfiltrates the stolen information by creating a GitHub Action runner named SHA1HULUD, and a GitHub repository description Sha1-Hulud: The Second Coming.. This suggests it may be the same attacker behind the "Shai-Hulud" attack observed in September 2025.

And now, over 27,000 GitHub repositories were infected."

Another source with a list of compromised packages is available
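A defender-side check for the two indicators named in the quoted report, added here as an example and not taken from the post or its sources: it flags repositories whose description contains the Sha1-Hulud string and self-hosted runners named SHA1HULUD. The input shapes (repository objects and per-repository runner listings as returned by GitHub's REST API) are an assumption, and all sample data is constructed.

```python
import json

# Indicators quoted in the post above.
RUNNER_NAME = "SHA1HULUD"
REPO_DESCRIPTION = "Sha1-Hulud: The Second Coming"


def _norm(value):
    """Case-fold and collapse whitespace; None (no description) becomes ''."""
    return " ".join((value or "").split()).casefold()


def find_indicators(repos, runners_by_repo):
    """Return sorted (repo, kind, value) tuples for every indicator hit.

    repos: list of repository objects with "full_name" and "description".
    runners_by_repo: {full_name: runner listing with a "runners" array}.
    Matching ignores case (an assumption, chosen to catch trivial variants).
    """
    hits = set()
    for repo in repos:
        if _norm(REPO_DESCRIPTION) in _norm(repo.get("description")):
            hits.add((repo["full_name"], "description", repo["description"]))
    for full_name, listing in runners_by_repo.items():
        for runner in listing.get("runners", []):
            if _norm(runner.get("name")) == _norm(RUNNER_NAME):
                hits.add((full_name, "runner", runner["name"]))
    return sorted(hits)


# Constructed sample data (hypothetical organisation and repositories).
SAMPLE_REPOS = json.loads("""[
  {"full_name": "example-org/web", "description": "Marketing site"},
  {"full_name": "example-org/tmp-a1b2",
   "description": "Sha1-Hulud: The Second Coming."},
  {"full_name": "example-org/lib", "description": null}
]""")
SAMPLE_RUNNERS = {
    "example-org/web": {"total_count": 1, "runners": [
        {"id": 7, "name": "build-01", "status": "online"}]},
    "example-org/lib": {"total_count": 1, "runners": [
        {"id": 9, "name": "sha1hulud", "status": "offline"}]},
}

if __name__ == "__main__":
    for repo, kind, value in find_indicators(SAMPLE_REPOS, SAMPLE_RUNNERS):
        print(f"{repo}: suspicious {kind} {value!r}")
```

A hit on either indicator means the credentials reachable from that account or machine should be treated as exposed and rotated.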

[–] ianhclark510@lemmy.blahaj.zone 3 points 1 month ago

Bless the Maker and His water.