Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Shai-Hulud Copycat Worm Infects yet Another Npm Package

OXsecurity said the four typosquatted packages stole credentials and cloud data, and the downloads totaled 2,678 before the malware was removed.

Summary by The Register
A Shai-Hulud copycat has turned up in yet another npm package just five days after TeamPCP open sourced the worm and announced a supply-chain attack competition on BreachForums. The poisoned package, chalk-tempalte, masquerades as an extension for the popular JavaScript terminal string styling library Chalk. It now contains a clone of Shai-Hulud, which TeamPCP published last week on GitHub after poisoning more than 170 npm packages with the cred…
Podcasts & Opinions

9 Articles

The RegisterThe Register
Center

Shai-Hulud copycat worm infects yet another npm package

A Shai-Hulud copycat has turned up in yet another npm package just five days after TeamPCP open sourced the worm and announced a supply-chain attack competition on BreachForums. The poisoned package, chalk-tempalte, masquerades as an extension for the popular JavaScript terminal string styling library Chalk. It now contains a clone of Shai-Hulud, which TeamPCP published last week on GitHub after poisoning more than 170 npm packages with the cred…

Read Full Article
BleepingComputerBleepingComputer
+2 Reposted by 2 other sources
Center

Leaked Shai-Hulud malware fuels new npm infostealer campaign

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend.

Read Full Article
HeiseHeise

Npm Worm Shai-Hulud: Attack of Clones

The malware authors behind the npm worm Shai-Hulud have published the source code. Now the first clones appear.

·Germany
Read Full Article
unsafe.shunsafe.sh

The Open-Source NPM Ecosystem Worm Shai-Hulud Is Being Used by More Hackers; Security Companies Have Discovered New Malicious Packages on NPM.

The open-source NPM ecosystem worm Shai-Hulud is being used by more hackers; security companies have discovered new malicious packages on NPM.

Read Full Article
phoenix.securityphoenix.security

Mini Shai-Hulud Copycats and the TanStack Wave: OpenAI Hit, Mistral Extorted, and Four Copycat npm Packages Hit the Registry

OpenAI has disclosed two employee devices were compromised in the May 11, 2026 Mini Shai-Hulud TanStack supply chain attack, with internal source code repositories accessed and iOS, macOS, and Windows code-signing certificates rotated. Mistral AI confirmed one developer device was hit and is facing a $25,000 TeamPCP extortion demand for an alleged 5 GB source code leak. Days later, TeamPCP launched a $1,000 Monero “supply chain attack contest” o…

Read Full Article
securityweek.comsecurityweek.com

First Shai-Hulud Worm Clones Emerge

At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

The Hacker News broke the news on Monday, May 18, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Cyberattacks icon

Cyberattacks

Supply Chain icon

Supply Chain

Windows icon

Windows

Technology icon

Technology

Germany icon

Germany

Cybersecurity icon

Cybersecurity

Business & Markets icon

Business & Markets

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal