{"id":4075,"date":"2026-05-15T15:47:12","date_gmt":"2026-05-15T15:47:12","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/05\/15\/widespread-mini-shai-hulud-campaign-is-a-matter-of-trust\/"},"modified":"2026-05-15T15:47:12","modified_gmt":"2026-05-15T15:47:12","slug":"widespread-mini-shai-hulud-campaign-is-a-matter-of-trust","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/05\/15\/widespread-mini-shai-hulud-campaign-is-a-matter-of-trust\/","title":{"rendered":"Widespread Mini Shai-Hulud Campaign Is a Matter of Trust"},"content":{"rendered":"
\"\"<\/div>\n

\"\"<\/p>\n

The latest series of attacks using the notorious Shai-Hulud worm puts into sharp focus the threats facing software developers and their CI\/CD pipelines<\/a>, an issue that has been raised in recent months as bad actors increasingly turn their attention to DevOps environments<\/a>.<\/p>\n

That said, these most recent Shai-Hulud incidents attributed to the TeamPCP group also reflect the trend toward abusing trust, a key point given the extensive connectivity between corporate ecosystems and development platforms.<\/p>\n

\u201cShai-Hulud\u00a0should be understood less as a one-off package compromise and more as an evolving supply-chain playbook,\u201d said Jonathan Stross, SAP security analyst at Pathlock.<\/p>\n

Earlier waves of Shai-Hulud attacks in 2025 and this year focused on stealing developer and maintainer credentials and using them to publish more malicious packages. In the latest incidents \u2013 referred to as \u201cMini Shai-Hulud\u201d \u2013 the threat group abused trusted CI\/CD publishing paths and OpenID Connect (OIDC) tokens, meaning that malicious package versions still carried valid provenance attestations.<\/p>\n

\u201cIn other words, some of the signals defenders increasingly rely on to establish trust were present, even though the package content was malicious,\u201d Stross said.<\/p>\n

Chuck Randolph, senior vice president for strategic intelligence and security at 360 Privacy, said organizations, their development teams, and code repositories need to recognize and prepare for such campaigns, which build on the trend over the past several years to abuse identities.<\/p>\n

\u201cModern attacks increasingly exploit trust rather than simply targeting vulnerabilities,\u201d Randolph said. \u201cWhether it is software ecosystems, digital identities, or interconnected platforms, adversaries are learning to weaponize trusted relationships to gain speed, scale, and operational access.\u201d<\/p>\n

Broad Exposure<\/h3>\n

What organizations need to take away from all this is that \u201cthe attack surface is no longer limited to a single system or user,\u201d he added. \u201cExposure now exists across entire ecosystems, where one compromised relationship, credential, or trusted platform can create cascading downstream effects. The broader lesson is that digital exposure and operational risk are becoming increasingly interconnected.\u201d<\/p>\n

Researchers with a number of security firms, including Endor Labs, Aikido, Socket, and StepSecurity, wrote reports in recent days outlining the latest round of attacks that involve compromised npm and PyPI packages from a range of companies, including Mistral AI<\/a>, Guardrails AI, TanStack<\/a>, and UiPath.<\/p>\n

TeamPCP emerged last year, targeting cloud-native environments with automated supply-chain attacks that plant malware into software updates that infect organizations that download them. In this campaign, the threat actors acquired broad permission in GitHub Actions workflows and made their payload appear to be an initialization module.<\/p>\n

Stealing Credentials and Secrets<\/h3>\n

An obfuscated JavaScript file planted in the npm packages looks for secret files and SSH keys and steals credentials \u2013 including security keys and passwords \u2013 and targets high-profile cloud players like Google Cloud Platform, Amazon Web Services, HashiCorp Vault, and Kubernetes, as well as AI tools, messaging apps, and cryptocurrency wallets.<\/p>\n

In line with other TeamPCP attacks, the malware creates a ransom note and threatens to wipe the computer of its data if the victim tries to revoke the compromised access.<\/p>\n

Jason Soroko, Senior Fellow at Sectigo, noted that the \u201clatest wave adopts a stealthier execution model. By bundling a JavaScript payload within the package tarball and utilizing an optional GitHub dependency to trigger execution via the Bun runtime, the attackers bypass traditional static scanning.\u201d<\/p>\n

Same Goals, Bigger Scale<\/h3>\n

Aikido security researcher Raphael Silva wrote in a report<\/a> that the vendor\u2019s malware team detected 737 malicious package-version entries across 169 npm package names. The campaign echoes another one involving Shai-Hulud last month that targeted SAP packages.<\/p>\n

\u201cThe basic goal is still the same: steal credentials from developer machines and CI\/CD runners, then use those credentials to reach more packages,\u201d Silva wrote. \u201cWhat changed is the scale and the release path. This wave does not just look like someone manually publishing bad versions. The malware is built to run inside build systems, steal npm and GitHub access, and abuse trusted publishing paths to push new compromised packages. \u2026 This is the follow-up: the same idea, but with a much bigger blast radius.\u201d<\/p>\n

\u2018The Worm is Iterating\u2019<\/h3>\n

Peyton Kennedy, security researcher with Endor Labs, wrote that Mini Shai-Hulud is not only getting larger, but also more technically sophisticated<\/a> with each campaign. For example, the four SAP packages in two weeks became 84 TanStack packages and the static-token and OIDC branch-push vectors in the SAP campaign now include \u201ca new orphaned-commit-through-a-fork technique that bypasses branch protection rules while still yielding a legitimate OIDC-derived publish token,\u201d Kennedy wrote.<\/p>\n

\u201cThe underlying truth of this campaign arc remains unchanged: provenance tells you where a package was built, not whether the build was authorized,\u201d he wrote. \u201cOIDC trusted publishing removes the need for long-lived tokens, but introduces a new trust surface \u2014 the scope of what workflows and commits can request those tokens. Narrowing that scope to the minimum required is the control that closes this class of attack.\u201d<\/p>\n

\u201cThe worm is iterating. Defenders need to as well,\u201d Kennedy wrote.<\/p>\n

Read More<\/a><\/p>\n

\u200b<\/p>","protected":false},"excerpt":{"rendered":"

The latest series of attacks using the notorious Shai-Hulud worm puts into sharp focus the threats facing software developers and […]<\/p>\n","protected":false},"author":1,"featured_media":4076,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[5],"tags":[],"class_list":["post-4075","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/4075","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=4075"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/4075\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media\/4076"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=4075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=4075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=4075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}