SlowMist
SlowMist|May 21, 2026 09:13
We’ve released a detailed technical analysis of the supply chain poisoning activities related to Shai-Hulud. Within just 22 minutes, the attacker-controlled npm account “atool” published 637 malicious versions across 317 npm packages, including popular dependencies in the AntV ecosystem and echarts-for-react. At the same time, the attackers also poisoned Python packages such as durabletask while impersonating official Microsoft releases. The malware primarily targets sensitive credentials from cloud environments including AWS, GCP, Azure, Kubernetes, and Vault, as well as npm and GitHub tokens. It also features supply chain self-propagation and persistence mechanisms targeting AI coding assistants such as Claude Code and Codex. Full technical analysis👇 https://slowmist.medium.com/threat-intelligence-shai-hulud-supply-chain-poisoning-cloud-credential-theft-and-1b8a3a4edd12(SlowMist)
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads