> TritonInfoSec News
Home / May 20, 2026 / Story
0
#5 BleepingComputer general May 19, 2026 at 14:30 UTC

New Shai-Hulud malware wave compromises 600 npm packages

By Bill Toulas

AI Summary

Threat actors published over 600 malicious packages to the npm index as part of a new Shai-Hulud supply-chain campaign, with the Mini Shai-Hulud wave also compromising packages in the @antv ecosystem including echarts-for-react, which has approximately 1.1 million weekly downloads. The attacks leverage compromised maintainer accounts to steal publishing tokens, install OS-level backdoors, and persist in CI/CD pipelines. The release of Shai-Hulud source code has enabled clone campaigns, dramatically scaling the threat to developer environments.

Read full article → https://www.bleepingcomputer.com/news/security/new…

Relevance score: 84.0/100

# More from May 20

  1. 1
    GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories The Hacker News
  2. 2
    Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector SecurityWeek
  3. 3
    Cybercrime service disrupted for abusing Microsoft platform to sign malware BleepingComputer
  4. 4
    In stunning display of stupid, secret CISA credentials found in public GitHub repo Ars Technica Security
  5. 6
    Max-severity flaw in ChromaDB for AI apps allows server hijacking BleepingComputer
  6. 7
    Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare The Hacker News
  7. 8
    DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability The Hacker News
  8. 9
    The New Phishing Click: How OAuth Consent Bypasses MFA The Hacker News
  9. 10
    GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials The Hacker News