惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Cyberwarzone
Cyberwarzone
The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
小众软件
小众软件
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
Security Archives - TechRepublic
Security Archives - TechRepublic
W
WeLiveSecurity
Cloudbric
Cloudbric
博客园 - 司徒正美
美团技术团队
N
News and Events Feed by Topic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
PCI Perspectives
PCI Perspectives
宝玉的分享
宝玉的分享
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
Last Week in AI
Last Week in AI
S
Schneier on Security
N
News | PayPal Newsroom
B
Blog RSS Feed
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
S
Secure Thoughts
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tenable Blog
S
Securelist
L
LangChain Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
I
InfoQ
H
Heimdal Security Blog
Cisco Talos Blog
Cisco Talos Blog
F
Full Disclosure
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
K
Kaspersky official blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs

Security Research | Blog

ClaudeFix: Shared Claude Chats Meet ClickFix | Zscaler Why Do F1 Teams Need Cybersecurity, and What Is AI’s Role? Indirect Prompt Injection Targets AI Agents | ThreatLabz Splunk Enterprise RCE (CVE-2026-20253) | ThreatLabz Edgecution: Malicious Edge Extension Backdoor | ThreatLabz SmartApeSG Supply Chain Attack Targets Okendo | ThreatLabz AI Generated ClickFix Attack Delivers SmartRAT | ThreatLabz What the ThreatLabz 2026 Phishing and Initial Access Report Means for the Public Sector | Zscaler Shai-Hulud: Miasma, Hades, & AI Scanner Evasion | ThreatLabz Zscaler ThreatLabz 2026 Phishing and Initial Access Report Technical Analysis of MLTBackdoor | ThreatLabz When the Scanner Starts Thinking: Learnings from Mythos & GPT 5.5 Cyber in Security Testing | Zscaler OpenClaw Skill Distributes Remcos & GhostLoader | ThreatLabz Tropic Trooper: AdaptixC2 + Custom Beacon | ThreatLabz Do not delete blog (testing) | Zscaler Payouts King Takes Aim at the Ransomware Throne | ThreatLabz The Alibaba Incident and Why Zero Trust Matters More Than Ever In-Memory Loader Drops ScreenConnect | ThreatLabz Supply Chain Attacks Surge in March 2026 | ThreatLabz Claude Code Leak: Critical AI Security Threat 2026 Latest Xloader Obfuscation Code & C2 Protocol | ThreatLabz CVE-2026-20131: Analysis of FMC RCE | ThreatLabz Technical Analysis of SnappyClient | ThreatLabz China-nexus Group Targets Arabian Gulf Region | ThreatLabz Middle East Conflict Fuels Cyber Attacks | ThreatLabz Dust Specter APT Targets Gov’t Officials in Iraq | ThreatLabz APT37 Adds New Tools For Air-Gapped Networks | ThreatLabz GuLoader Obfuscation Analysis | ThreatLabz Technical Analysis of Marco Stealer | ThreatLabz Latest Public Sector AI Adoption Trends: What Government, Healthcare, and Education Security Teams Need to Know | Zscaler Operation Neusploit: APT28 Uses CVE-2026-21509 | ThreatLabz 7 Predictions for 2026 | Zscaler SHEETCREEP, FIREPOWER, and MAILCREEP Analysis | ThreatLabz AI is Now Default Enterprise Accelerator: Takeaways from ThreatLabz 2026 AI Security Report | Zscaler GOGITTER, GITSHELLPAD, and GOSHELL Analysis | ThreatLabz Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek | Zscaler BlindEagle Deploys Caminho and DCRAT | ThreatLabz Technical Analysis of the BlackForce Phishing Kit | ThreatLabz React2Shell RCE Vulnerability (CVE-2025-55182) | ThreatLabz Shai-Hulud V2 Poses Risk to NPM Supply Chain | ThreatLabz Technical Analysis of Matanbuchus 3.0 | ThreatLabz In-Depth Analysis: Water Gamayun APT Multi-Stage Attack Uncovered CVE-2025-50165: Windows Graphics Component Flaw | ThreatLabz Mobile, IoT, and OT Risks Converge in the Public Sector | Zscaler Industry Attacks Surge, Mobile Malware Spreads: The ThreatLabz 2025 Mobile, IoT & OT Report | Zscaler Zscaler Discovers Vulnerability in Keras Models Allowing Arbitrary File Access and SSRF (CVE-2025-12058) | Zscaler F5 Security Incident Advisory | Zscaler Under the Radar: How Non-Web Protocols Are Redefining the Attack Surface | Zscaler SEO Poisoning Targets Ivanti VPN: Credential Theft Alert Cisco Firewall and VPN Zero Day Attacks | ThreatLabz COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz YiBackdoor: Linked to IcedID and Latrodectus | ThreatLabz Technical Analysis of Zloader Updates | ThreatLabz Malicious PyPI Packages Deliver SilentSync RAT | ThreatLabz Technical Analysis of SmokeLoader Version 2025 | ThreatLabz Technical Analysis of kkRAT | ThreatLabz APT37: Rust Backdoor & Python Loader | ThreatLabz Anatsa’s Latest Updates | ThreatLabz Termncolor and Colorinal Explained | ThreatLabz GenAI Used to Impersonate Brazil’s Govt Websites | ThreatLabz Tracking Updates to Raspberry Robin | ThreatLabz Ransomware Surges, Extortion Escalates: ThreatLabz 2025 Ransomware Report | Zscaler China-nexus APT Targets the Tibetan Community | ThreatLabz CVE-2025-53770 | ThreatLabz Black Hat SEO Poisoning Search Engine Results For AI | ThreatLabz
Mitigating Risks from the Shai-Hulud NPM Worm | ThreatLabz
Atinderpal Singh · 2025-09-20 · via Security Research | Blog

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Introduction

On September 15th 2025, ReversingLabs (RL) researchers discovered a self-replicating worm called “Shai-Hulud” in the npm open-source registry. The worm autonomously spreads through the npm registry by hijacking maintainer accounts and injecting malicious code into public and private packages. Over 200 npm packages and more than 500 versions were compromised between September 14th and 18th. Each infected package helps the Shai-Hulud worm spread further which creates a chain reaction across the npm ecosystem.

Named after its repository, the Shai-Hulud worm targets sensitive data like tokens, keys, and private repositories. While end-user applications are less directly affected, build environments may have been exposed through leaked credentials or code. RL has identified hundreds of compromised packages, including widely used ones like ngx-bootstrap, ng2-file-upload, and @ctrl/tinycolor, which have millions of weekly downloads. The interconnected nature of npm packages makes it difficult to predict the worm’s impact.

Recommendations

  • Use private registry proxies and software composition analysis (SCA) tools to filter and monitor third-party packages. Remove compromised package versions, clear caches, and reinstall clean ones. Use private package managers to block malicious versions.
  • Apply least privilege principles by using scoped, short-lived keys and tokens. Revoke npm tokens, GitHub personal access tokens (PATs), cloud keys, and CI/CD secrets.
  • Flag abnormal npm publish events, GitHub workflow additions, or the unexpected use of secret scanners in CI processes. Hunt for indicators of compromise (IOCs) like bundle.js, workflows named shai-hulud-workflow.yml, or outbound traffic to webhook[.]site.
  • Update response playbooks for supply chain attacks and conduct practice drills. Treat impacted systems as compromised by isolating, scanning, or reimaging them.
  • Restrict build environments to internal package managers or trusted mirrors, and limit internet access to reduce data exfiltration risks. Enable multifactor authentication (MFA) across all platforms, including npm, GitHub, and cloud services.
  • Reinforce phishing awareness, and the secure handling of tokens and secrets with developer teams.

Affected Versions

Notable examples of compromised packages and their versions include: 

  • @ctrl/tinycolor - Versions 4.1.1 and 4.1.2
  • @crowdstrike/* - Multiple versions of packages

Impacted platforms

All major operating systems (OS), including Windows, Linux, and macOS, are affected and become vulnerable when compromised npm packages are installed.

Vulnerability Details

The Shai-Hulud worm exploits compromised npm packages by planting a malicious post-install script. When executed, the script executes several actions:

  • Uses TruffleHog to steal sensitive data, such as tokens, API keys, environment variables, and cloud credentials.
  • Sends exfiltrated data to threat actor-controlled webhooks and GitHub repositories named Shai-Hulud.
  • Publishes infected versions of all packages owned by the victim.
  • Injects malicious workflows and converts private repositories to public access.

This combination of credential theft, package trojanization, and self-replication makes the Shai-Hulud worm uniquely dangerous.

Conclusion

The Shai-Hulud worm rapidly compromised hundreds of npm packages and versions across Windows, Linux, and macOS, showing how quickly and widely vulnerabilities in open-source ecosystems can be exploited. By combining credential theft, automated propagation, and repository tampering, the Shai-Hulud worm has set a precedent for future supply chain attacks. To prevent similar incidents, organizations must act immediately by revoking exposed credentials, strengthening supply chain defenses, and implementing enhanced monitoring to detect and respond to potential threats.

Zscaler Coverage

Zscaler has enhanced its security measures to cover this threat, ensuring that any attempts to download a malicious npm package will be detected under the following threat classifications:

Advanced Threat Protection

Attempts to access the web service for data exfiltration will be identified and flagged under the following threat name:

Advanced Threat Protection

  • JS.Worm.Shai-Hulud.LZ

form submtited

Thank you for reading

Was this post useful?

Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.

Explore more Zscaler blogs

A malware package icon atop a glowing computer screen.

Supply Chain Risk in Python: Termncolor and Colorinal Explained

A package icon atop a computer screen.

Malicious PyPI Packages Deliver SilentSync RAT

A digital background with the words "Malware" falling from the top.

NodeLoader Exposed: The Node.js Malware Evading Detection

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.