Back to graph

Topic analysis

Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised

On May 19, 2026, the compromised npm account "atool" was exploited to publish 637 malicious versions across 314 packages in an automated 22-minute burst, deploying the Mini Shai-Hulud malware toolkit previously seen in a SAP compromise. The malware harvests a broad range of credentials (AWS, Kubernetes, GitHub, npm, SSH keys, etc.), exfiltrates data via public GitHub repositories, establishes multiple persistence mechanisms in developer and CI/CD environments, and uses orphan imposter commits in the antvis/G2 repository as a covert secondary payload delivery channel.

Heat score

1

Sources

1

Platforms

1

Relations

0
First seen
May 19, 2026, 1:04 PM
Last updated
May 19, 2026, 8:30 PM

Why this topic matters

Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised is currently shaped by signals from 1 source platforms. This page organizes AI analysis summaries, 1 timeline events, and 0 relationship edges so search engines and AI systems can understand the topic's factual basis and propagation arc.

News

Keywords

10 tags
npm package compromiseMini Shai-Huludcredential harvestingsupply chain attackGitHub exfiltrationimposter commitsCI/CD securitypersistence mechanismscontainer escapeSigstore signing

Source evidence

1 evidence items

Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised

News · 1
May 19, 2026, 1:04 PMOpen original source

Timeline

Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised

May 19, 2026, 1:04 PM

Related topics

No related topics have been aggregated yet, but this page still preserves the AI summary, source links, and timeline.