Resources

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry.
The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the “setup_bun.js” loader and the main payload “bun_environment.js.”
“

Related resources

22 August 2025

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection

Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The “Linux-specific malware infection chain that starts with a […]

8 January 2026

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, […]

12 September 2025

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks

Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks. The vulnerability, CVE-2025-21043 (CVSS score: […]

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

Smashing Security podcast #445: The hack that brought back the zombie apocalypse

Resources

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

Related resources

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks

Links

Enterprise Solutions

SMB Solutions

Contact Us

Follow Us