Merged
6 changes: 5 additions & 1 deletion README.md
Expand Up @@ -12,7 +12,7 @@ A security tool to detect compromised npm packages from the Shai-Hulud supply ch
### Original Shai-Hulud (September 2025)
The original attack infected **200+ npm packages** (as tracked in this tool) with multiple versions affected per package.

### Shai-Hulud 2.0 (November 2025) - NEW
### Shai-Hulud 2.0 (November 2025)
A new variant emerged in November 2025 with significant changes:
- **738+ compromised packages** with **1,291 unique package@version combinations**
- **25,000+ affected repositories** across **~350 unique users**
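Review bot: Dropping " - NEW" from the `### Shai-Hulud 2.0 (November 2025)` heading changes the anchor GitHub generates for it, so any link that targets the old heading anchor will stop resolving; check the README and other docs for such links. Since this PR also adds December figures further down, the bullets under this heading (738+ packages, 1,291 package@version combinations) should say they are the November counts, so readers do not take them as the current totals.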
Expand All @@ -25,6 +25,10 @@ A new variant emerged in November 2025 with significant changes:

**Reference**: [Wiz Research - Shai-Hulud 2.0 Blog Post](https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack)

### Shai-Hulud 2.0 (December 2025)
Updated affected package list and detection capabilities:
- **996+ compromised packages** with **1,647 unique package@version combinations**

### 🦠 How the Attack Works

**Patient Zero**: The attack started with the `rxnt-authentication` package published on September 14, 2025, at 17:58:50 UTC by the compromised "techsupportrxnt" npm account.
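Review bot: The new `### Shai-Hulud 2.0 (December 2025)` heading reads as a further variant or wave, while the line under it says this is an updated package list; a title such as "Package list update (December 2025)" would avoid that ambiguity. The section also promises "detection capabilities" but its only bullet gives package counts, so either describe what changed in detection or drop the phrase. Unlike the November section, which links to the Wiz post, the 996+ and 1,647 figures have no source; add a reference or point to the data file in this repository they are counted from, so the numbers can be verified.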