Find notable cyber news and cases, enriched with sources, timelines, and signals.

Shai-Hulud secrets leak on GitHub

Data Leak
First reported
Last updated
Happening score
H score 75
2 unique sources, 3 articles

Summary

Hide ▲

The Shai-Hulud supply-chain malware leak exposed developer and CI/CD secrets on GitHub, creating immediate reuse risk for credentials taken from compromised development workflows. The second attack last week infected hundreds of NPM packages, published stolen data in 30,000 GitHub repositories, and exposed around 400,000 raw secrets. Wiz said more than 60% of leaked NPM tokens were still valid as of December 1st, and the malware also included a home-directory wipe under certain conditions.

Related Happenings

Single organization's private GitHub repository cloned after confirmed access

Data Leak
H score12 First: 09.07.2026 21:38 Last: 09.07.2026 21:38 Sources 1

About this happening: **Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...

Sapphire Sleet Mastra npm supply-chain campaign

Campaign
H score42 First: 20.06.2026 17:09 Last: 20.06.2026 17:09 Sources 1

About this happening: The **Mastra AI** supply-chain campaign was attributed to **Sapphire Sleet / BlueNoroff** after **Microsoft** said the operation compromised the **npm maintainer account "ehindero...

Developers' AI provider API keys exfiltrated via malicious JetBrains plugins

Data Leak
H score12 First: 17.06.2026 12:10 Last: 17.06.2026 12:10 Sources 1

About this happening: Developers' **AI provider API keys** were **exfiltrated** through malicious **JetBrains Marketplace** plugins, exposing credentials from a broad user base and risking unauthorized...

Miasma source code leak on GitHub

Data Leak
H score32 First: 10.06.2026 23:27 Last: 10.06.2026 23:27 Sources 1

About this happening: The **Miasma source code** was **briefly leaked on GitHub**, exposing malware framework code that could be copied, studied, and modified by other threat actors. The exposure repor...

Shai-Hulud PyPI supply-chain malware activity

Malware Activity
H score22 First: 08.06.2026 23:41 Last: 08.06.2026 23:41 Sources 1

About this happening: The **Shai-Hulud** supply-chain malware compromised **19 PyPI packages**, turning routine installs into secret-stealing execution and putting **developer credentials** at risk. Th...

Timeline

  1. 24.11.2025 16:32 3 articles · 7mo ago

    Shai-Hulud npm campaign leaks secrets on GitHub

    Initial Disclosure

    Shai-Hulud planted trojanized npm packages impersonating Zapier, ENS Domains, PostHog, and Postman to steal developer and CI/CD secrets, then published the stolen data on GitHub in encoded form through attacker-controlled repositories. Researchers linked the operation to compromised maintainer accounts, about 350 unique maintainer accounts, and malicious payloads that run during the pre-install stage, including setup_bun.js and bun_environment.js.

    Show sources