EPISODE · Jun 14, 2026 · 25 MIN
Signal//Noise #022 - Another Day, Another Shai-Hulud
from Signal // Noise · host Chris Loehr & Bob Miller
637 malicious npm packages in 22 minutes. Here is what happened, who is at risk, and what to do right now.

On May 19, 2026, the Shai-Hulud supply chain poisoning campaign hit the npm ecosystem again. A single automated publisher account poisoned 317 package names including high-download AntV and echarts-for-react dependencies, deploying a complete credential theft and self-propagation kill chain against developer workstations and CI/CD pipelines worldwide.

WHAT WE COVER
- How 637 malicious package versions were published in 22 minutes via an automated npm pipeline
- Three payload variants: lightweight external-ref (defeats static scanning), full-featured embedded credential stealer, and enhanced worm with self-propagation
- Why the Python dead-drop C2 hiding in GitHub commit search traffic is nearly undetectable
- GitHub's response: 640 packages removed and 61,274 npm tokens invalidated
- Attribution: why SlowMist calls this a probable copycat and why that matters more than the actor identity

KEY TAKEAWAYS
- npm lifecycle hooks execute with user privileges on install with no sandbox and no confirmation prompt
- AI coding assistant configuration files are now a viable attacker persistence vector that most security programs do not cover
- Stolen npm OIDC tokens enable self-propagation: your own packages can become infection vectors for your downstream users

ABOUT THE SHOW
Signal // Noise is a cybersecurity podcast where Chris Loehr and Bob Miller break down the latest security incidents, threats, and trends. Subscribe for weekly analysis that helps security professionals and business leaders stay ahead of emerging threats.

RESOURCES
- Original article: https://slowmist.medium.com/threat-intelligence-shai-hulud-supply-chain-poisoning-cloud-credential-theft-and-1b8a3a4edd12
- Microsoft Security Blog (Mini Shai Hulud): https://www.microsoft.com/en-us/security/blog/2026/05/20/mini-shai-hulud-compromised-antv-npm-packages-enable-ci-cd-credential-theft/
- SlowMist MistEye IOC Platform: https://enterprise.misteye.io/threat-intelligence/SM-2026-650212
- SafeDep analysis: https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/
- Endor Labs SLSA forgery: https://www.endorlabs.com/learn/mini-shai-hulud-returns-42-malicious-npm-packages-fake-sigstore-badges-in-antv-ecosystem-attack
- StepSecurity durabletask: https://www.stepsecurity.io/blog/microsofts-durabletask-pypi-package-compromised-in-supply-chain-attack

TAGS
Mini Shai-Hulud, Shai-Hulud npm, supply chain attack, npm malware