Sandworm
PulseAugur coverage of Sandworm — every cluster mentioning Sandworm across labs, papers, and developer communities, ranked by signal.
- 2026-05-19 research_milestone The source code for the Shai-Hulud AI worm was publicly released.
1 day(s) with sentiment data
-
GitHub disables npm auto-run scripts after worm exploit
GitHub has disabled automatic script execution for npm packages, a feature that allowed packages to run code upon installation. This change was prompted by the exploitation of this functionality by the 'Shai-Hulud' worm…
-
Shai-Hulud malware infects Red Hat npm packages
The Shai-Hulud malware has compromised versions of Red Hat's npm packages, with approximately 80,000 downloads occurring weekly. This malicious software is suspected to be the work of the TeamPCP group or a copycat. The…
-
Network allow-lists fail to prevent data exfiltration from sandboxes
A security vulnerability exists in sandboxing environments that rely solely on network allow-lists for protection. Untrusted code, including AI-generated scripts, can exfiltrate sensitive data like AWS credentials or SS…
-
Shai-Hulud campaign infects 314 npm packages via account compromise
A malicious software campaign dubbed Shai-Hulud has infected over 300 npm packages, exploiting compromised developer accounts. This attack highlights the growing threat of AI-assisted attacks targeting software supply c…
-
Shai-Hulud malware infects PyTorch Lightning AI training library
A supply chain attack has compromised the PyTorch Lightning AI training library, affecting versions 2.6.2 and 2.6.3. The malicious code, themed after "Shai-Hulud" from Dune, executes automatically upon import and steals…
-
Replit blocks "Shai-Hulud" worm, protects developers from npm attack
A severe JavaScript supply chain attack, dubbed "Shai-Hulud," has compromised numerous npm packages, including @ctrl/tinycolor, which has over 2 million weekly downloads. This worm-like malware automatically harvests de…