
Mini Shai-Hulud Malware Campaign Compromises Open-Source Packages
Tags: AI, Cybersecurity Threats, Aikido Security, Artificial Intelligence (AI), CI/CD, mini shai hulud, npm, open source software, Shai Hulud, snyk, Socket, supply chain
📌 A malware campaign dubbed "Mini Shai-Hulud" has compromised hundreds of open-source packages in a large-scale supply-chain attack targeting major software registries. The attack leveraged legitimate-looking release signatures to weaponize the software update process, evading detection. No specific dates, CVE IDs, or affected organizations were disclosed, but the threat impacted npm and other open-source ecosystems. The malware's name references the fictional "Shai-Hulud" sandworms from Dune, implying a stealthy and pervasive nature. Security firms Aikido Security, Snyk, and Socket were involved in identifying or analyzing the attack. The full scope and impact remain under investigation.