Shai Hulud 2.0: The NPM Supply Chain Attack Returns as an Aggressive Self-Propagating Worm

shai-hulud-2

The newly uncovered “Shai Hulud 2.0”, also known as sha1-hulud, campaign is one of the most aggressive npm supply-chain attacks to date. Unlike the earlier, more contained incident, this wave introduces a fully automated worm that rapidly spreads across maintainers, repositories, and dependency graphs. More than 25,000 repositories tied to hundreds of developers have already […]

Footer-Logo-07_03_2025

Stay In Touch

This field is for validation purposes and should be left unchanged.

Product

CNAPP
CSPM
CWPP
Container Security
Identity Security
Vulnerability Management
DSPM
CADR
API Security
GenAI Security

General

About
Contact
Careers
We are hiring!
Events
Case Studies
Get A Demo

Social

X
LinkedIn
Instagram

Resources

UpwindTV
Feed
Glossary
Integrations
Newsroom

Documentation

Privacy Policy
Terms of Use

© 2025 Upwind Security