Shai-Hulud Worm Hits 500 npm Packages — 26,000 Repositories Affected

Security researchers have identified a new wave of supply-chain attacks linked to a self-replicating worm, Shai-Hulud, which has infected nearly 500 npm packages and exposed over 26,000 open-source repositories on GitHub. The malware, discovered by Charlie Eriksen of Aikido Security, was uploaded over a three-day period and is rapidly propagating using stolen npm tokens. Major packages, including Zapier and Postman, were compromised, allowing attackers to populate repositories with stolen data. The campaign remains active, and researchers warn of potential downstream exploitation due to exposed credentials.