Sandworm
PulseAugur coverage of Sandworm — every cluster mentioning Sandworm across labs, papers, and developer communities, ranked by signal.
- 2026-05-19 research_milestone The source code for the Shai-Hulud AI worm was publicly released.
2 天有情绪数据
-
Network allow-lists fail to prevent data exfiltration from sandboxes
A security vulnerability exists in sandboxing environments that rely solely on network allow-lists for protection. Untrusted code, including AI-generated scripts, can exfiltrate sensitive data like AWS credentials or SS…
-
Shai-Hulud campaign infects 314 npm packages via account compromise
A malicious software campaign dubbed Shai-Hulud has infected over 300 npm packages, exploiting compromised developer accounts. This attack highlights the growing threat of AI-assisted attacks targeting software supply c…
-
Shai-Hulud malware infects PyTorch Lightning AI training library
A supply chain attack has compromised the PyTorch Lightning AI training library, affecting versions 2.6.2 and 2.6.3. The malicious code, themed after "Shai-Hulud" from Dune, executes automatically upon import and steals…
-
Replit blocks "Shai-Hulud" worm, protects developers from npm attack
A severe JavaScript supply chain attack, dubbed "Shai-Hulud," has compromised numerous npm packages, including @ctrl/tinycolor, which has over 2 million weekly downloads. This worm-like malware automatically harvests de…