The npm package ecosystem just became your worst nightmare, and nobody’s talking about it enough. Shai Hulud 2.0—detected on November 24, 2025—compromised nearly 1,200 organizations by doing something infinitely worse than simple encryption: it stole runtime secrets directly from memory.
Here’s where this gets terrifying. Initial reports described it as another supply chain spam attack. Researchers found thousands of malicious GitHub repositories and assumed standard noise. Then Entro Security’s deeper analysis revealed the actual attack—these weren’t just repositories meant to clutter GitHub. They were collection layers for a much larger, far more sophisticated operation targeting CI/CD pipelines.
The attack infected npm packages during the preinstall phase, executing payload scripts when developers installed dependencies. Instead of just scraping static files, Shai Hulud 2.0 captured full runtime environments. We’re talking about double-base64-encoded memory snapshots containing live credentials, GitHub Personal Access Tokens, AWS secret keys, blockchain production tokens, and Slack API keys. This wasn’t data exfiltration in the traditional sense—it was environment reconstruction.
Think about what that means. An attacker could now replay that exact environment state and have valid access to your infrastructure. The scale was staggering: 1,195 distinct organizations compromised. Tech and SaaS companies got hammered hardest (647 organizations), but financial services (53), healthcare (38), and insurance (26) all took major hits. One semiconductor giant had their self-hosted GitHub Actions runners compromised. A Tier-1 digital asset custody provider saw live blockchain production tokens exposed.
The most damning part? Scans conducted three days after disclosure revealed that some high-value credentials—including Google Cloud Service Account keys—were still valid and hadn’t been revoked. The attackers had valid entry points into corporate infrastructure, and organizations didn’t even know how badly they’d been compromised.
This connects directly to what I’ve emphasized in my published research on cyber defense and threat assessment models. Supply chain attacks exploiting development environments represent a fundamental shift in attack surface. You can’t just patch your production systems anymore; you need to treat developer workstations and CI/CD infrastructure as fully compromised until proven otherwise.
The bottom line? If your code gets executed anywhere—local laptop, cloud runner, container environment—it’s a potential target for memory scraping. Organizations need to rotate all non-human identities immediately and assume their runtime environments are fully compromised.
