
Zero-day Extensive NPM Package Compromise - Shai Hulud Supply Chain Attack

Blog post from Snyk

Post Details

Author: Brian Clark
Word Count: 1,141
Language: English
Summary

In September 2025, a significant security breach known as the "Shai-Hulud" attack targeted npm packages, spreading malware designed to exfiltrate cloud credentials, API keys, and other sensitive data through webhook transmissions and GitHub repositories. The attack began with the compromise of ngx-bootstrap and ng2-file-upload packages, which included malicious scripts that executed upon installation, affecting developers' environments by stealing their tokens and secrets. The malicious packages were removed quickly, but the threat extended to other npm packages, impacting a broad range of developers and CI/CD environments. The Snyk security team is actively investigating the incident, offering resources to help detect and mitigate the impact of these attacks. GitHub has issued advisories, and users are urged to treat any affected systems as compromised, rotate all secrets, and perform thorough audits and remediations. This incident follows a series of supply chain attacks in 2025, highlighting the ongoing risks of software supply chain vulnerabilities and emphasizing the importance of robust security measures like two-factor authentication and regular security audits.