Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s reminiscent of the Shai-Hulud attack.The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz.”The campaign introduces a new variant that executes malicious
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/11/second-sha1-hulud-wave-affects-25000.html
