Get immediate answers and hands-on help from Upwind’s MDR team in response to the latest npm supply chain threat.
The “Shai Hulud 2.0” campaign is one of the most aggressive npm supply-chain attacks to date, introducing a fully automated worm that rapidly spreads across maintainers, repositories, and dependency graphs.
More than 25,000 repositories tied to hundreds of developers have already been affected, driven by malicious preinstall scripts, workflow injections, and forced repository migrations used to harvest credentials and republish altered packages at scale.
If you’re unsure whether your pipelines, package dependencies, or workflows have been affected, or just want expert help understanding what to look for, the Upwind team is here 24/7 to help you live.
Our MDR Team is available 24/7 right now to:
- Analyze suspicious behavior across your environments
- Help identify potential compromise
- Review dependency chains and CI activity for signs of impact
- Walk you through Upwind’s real-time detection insights
You’ll be added to a live Zoom room after registering where you can ask questions, and get guidance directly from our experts.
To protect everyone in the security community we will only allow security professionals with approved corporate email address to join the call.
Live Briefing | Tuesday, November 25 @ 1PM EST
Tomorrow, on the same zoom link, we will also be hosting a live briefing at 1PM EST with our MDR Team where they will recap their findings. Register here for that session.
If you are a customer and need immediate support, reach out directly to your account manager or using the inbuilt chat widget on the platform to jump on with our security experts right now.
Read the full breakdown and affected packages from the Upwind Research team: Here
