Find notable cyber news and cases, enriched with sources, timelines, and signals.

Shai-Hulud public GitHub repository credential exposure

Data Leak
First reported
Last updated
Happening score
H score 26
1 unique sources, 1 articles

Summary

Hide ▲

Shai-Hulud stole developer credentials that were later exposed in public GitHub repositories, turning a theft phase into a public leak of access data. The exposed material involved accounts with publishing rights, which raises the risk of package tampering and impersonation. The leak matters because public publication makes the stolen information easier to copy, redistribute, and reuse.

Related Happenings

Single organization's private GitHub repository cloned after confirmed access

Data Leak
H score12 First: 09.07.2026 21:38 Last: 09.07.2026 21:38 Sources 1

About this happening: **Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...

Miasma source code leak on GitHub

Data Leak
H score32 First: 10.06.2026 23:27 Last: 10.06.2026 23:27 Sources 1

About this happening: The **Miasma source code** was **briefly leaked on GitHub**, exposing malware framework code that could be copied, studied, and modified by other threat actors. The exposure repor...

Congress demands CISA answers on GitHub credential leak

Public Sector Action
H score19 First: 22.05.2026 19:34 Last: 22.05.2026 19:34 Sources 1

About this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...

CISA contractor GitHub repository exposed internal credentials

Data Leak
H score28 First: 18.05.2026 23:48 Last: 18.05.2026 23:48 Sources 1

About this happening: A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...

Latest development: 22.05.2026 19:34

On May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.

Shai-Hulud worm clone activity on NPM

Malware Activity
H score69 First: 18.05.2026 12:45 Last: 18.05.2026 12:45 Sources 1

How related: A threat actor using the account deadcode09284814 published four malicious packages on npm and embedded one of them with a non-obfuscated version of Shai-Hulud that targeted developer credentials, secrets, cryptocurrency wallet data, and account information.

About this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...

Timeline

  1. 18.05.2026 20:28 2 articles · 1mo ago

    Stolen developer credentials exposed in public GitHub repositories

    Initial Disclosure

    Stolen developer credentials for accounts with publishing rights were exposed in public GitHub repositories, creating a public leak of access data that could be copied and reused for package tampering and impersonation.

    Show sources