Shai-Hulud public GitHub repository credential exposure
Data Leak
Summary
Hide ▲
Show ▼
Shai-Hulud stole developer credentials that were later exposed in public GitHub repositories, turning a theft phase into a public leak of access data. The exposed material involved accounts with publishing rights, which raises the risk of package tampering and impersonation. The leak matters because public publication makes the stolen information easier to copy, redistribute, and reuse.
Related Happenings
Single organization's private GitHub repository cloned after confirmed access
Data Leak
H score12
First: 09.07.2026 21:38
Last: 09.07.2026 21:38
Sources 1
About this happening:
**Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...
Single organization's private GitHub repository cloned after confirmed access
Data LeakAbout this happening: **Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...
Miasma source code leak on GitHub
Data Leak
H score32
First: 10.06.2026 23:27
Last: 10.06.2026 23:27
Sources 1
About this happening:
The **Miasma source code** was **briefly leaked on GitHub**, exposing malware framework code that could be copied, studied, and modified by other threat actors. The exposure repor...
Miasma source code leak on GitHub
Data LeakAbout this happening: The **Miasma source code** was **briefly leaked on GitHub**, exposing malware framework code that could be copied, studied, and modified by other threat actors. The exposure repor...
Congress demands CISA answers on GitHub credential leak
Public Sector Action
H score19
First: 22.05.2026 19:34
Last: 22.05.2026 19:34
Sources 1
About this happening:
**Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...
Congress demands CISA answers on GitHub credential leak
Public Sector ActionAbout this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...
CISA contractor GitHub repository exposed internal credentials
Data Leak
H score28
First: 18.05.2026 23:48
Last: 18.05.2026 23:48
Sources 1
About this happening:
A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...
CISA contractor GitHub repository exposed internal credentials
Data LeakAbout this happening: A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...
Latest development: 22.05.2026 19:34
On May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.
Shai-Hulud worm clone activity on NPM
Malware Activity
H score69
First: 18.05.2026 12:45
Last: 18.05.2026 12:45
Sources 1
How related:
A threat actor using the account deadcode09284814 published four malicious packages on npm and embedded one of them with a non-obfuscated version of Shai-Hulud that targeted developer credentials, secrets, cryptocurrency wallet data, and account information.
About this happening:
The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...
Shai-Hulud worm clone activity on NPM
Malware ActivityHow related: A threat actor using the account deadcode09284814 published four malicious packages on npm and embedded one of them with a non-obfuscated version of Shai-Hulud that targeted developer credentials, secrets, cryptocurrency wallet data, and account information.
About this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...
Timeline
-
18.05.2026 20:28 2 articles · 1mo ago
Stolen developer credentials exposed in public GitHub repositories
Initial DisclosureStolen developer credentials for accounts with publishing rights were exposed in public GitHub repositories, creating a public leak of access data that could be copied and reused for package tampering and impersonation.
Show sources
- Leaked Shai-Hulud malware fuels new npm infostealer campaign — www.bleepingcomputer.com — 18.05.2026 20:28
- Leaked Shai-Hulud malware fuels new npm infostealer campaign — www.bleepingcomputer.com — 18.05.2026 20:28