Most recently, a major new supply chain attack called Shai-Hulud has hit, compromising over 28,000 repositories on GitHub along with packages on npm. The breach has already leaked sensitive data and credentials, endangering millions of users, so it is no wonder that such a sophisticated attack has drawn so much attention. A central part of its method is injecting malicious workflows into victims' GitHub repositories.
The attack abuses GitHub Actions workflows, in particular misconfigured workflows built on the pull_request_target and workflow_run triggers, which run in the context of the base repository with access to its secrets. Shai-Hulud exploits these weaknesses to give the attacker access to some of a project's most valuable assets, creating significant financial exposure for developers and companies.
Mechanism of the Attack
Shai-Hulud injects two malicious workflows into the victim's environment. One registers the compromised machine as a self-hosted GitHub Actions runner; the other is triggered every time a new GitHub Discussion is created and runs commands on that runner. The result is remote command execution on the victim's machine, reachable from outside through an ordinary GitHub feature, which is a serious risk to the system's overall security.
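The two workflow patterns described above (risky triggers such as pull_request_target, workflow_run and discussion; jobs running on a self-hosted runner; event data interpolated straight into a shell step) are easy to check for mechanically. The following Node.js script is an added example, not code from the article or from the malware: it audits a workflow file line by line and reports the combination it finds. The three sample workflows embedded in it are constructed for illustration and are not the attacker's real files; the rule names and the `auditWorkflow` function are mine.

```javascript
'use strict';

// Added example (not part of the original article or the malware): a
// line-based auditor for GitHub Actions workflow files. Workflow YAML is
// regular enough that a per-line regex pass is sufficient; no YAML library.

const RISKY_TRIGGERS = ['pull_request_target', 'workflow_run', 'discussion'];

function indentOf(line) {
  return line.length - line.trimStart().length;
}

function checkTriggers(text, line, findings) {
  for (const t of RISKY_TRIGGERS) {
    if (new RegExp('\\b' + t + '\\b').test(text)) {
      findings.push({ line, rule: 'risky-trigger', detail: t });
    }
  }
}

function checkExpression(text, line, findings) {
  // untrusted event data interpolated directly into a shell command
  const m = text.match(/\$\{\{\s*(github\.event\.[A-Za-z0-9_.]+|github\.head_ref)\s*\}\}/);
  if (m) findings.push({ line, rule: 'expression-injection', detail: m[1] });
}

function auditWorkflow(yamlText) {
  const findings = [];
  let onIndent = -1, onChild = -1; // inside the `on:` mapping
  let runIndent = -1;              // inside a `run: |` block scalar

  yamlText.split('\n').forEach((raw, i) => {
    const line = i + 1;
    const stripped = raw.replace(/\s+#.*$/, '');
    if (stripped.trim() === '') return;
    const indent = indentOf(stripped);
    const text = stripped.trim();

    // leave a block once indentation returns to the parent level
    if (onIndent >= 0 && indent <= onIndent) { onIndent = -1; onChild = -1; }
    if (runIndent >= 0 && indent <= runIndent) runIndent = -1;

    if (runIndent >= 0) { checkExpression(text, line, findings); return; }

    const onMatch = text.match(/^(?:"on"|on)\s*:\s*(.*)$/);
    if (onMatch && onIndent < 0) {
      if (onMatch[1] === '') onIndent = indent;       // triggers on following lines
      else checkTriggers(onMatch[1], line, findings); // `on: [push, discussion]`
      return;
    }
    if (onIndent >= 0) {
      if (onChild < 0) onChild = indent;              // first child sets trigger level
      if (indent === onChild) checkTriggers(text, line, findings);
      return;
    }
    if (/^runs-on\s*:/.test(text) && /\bself-hosted\b/.test(text)) {
      findings.push({ line, rule: 'self-hosted-runner', detail: text });
      return;
    }
    const refMatch = text.match(/^ref\s*:\s*(.*)$/);
    if (refMatch && /github\.(event\.pull_request\.head|head_ref)/.test(refMatch[1])) {
      findings.push({ line, rule: 'checkout-untrusted-ref', detail: refMatch[1] });
      return;
    }
    const runMatch = text.match(/^(?:-\s*)?run\s*:\s*(.*)$/);
    if (runMatch) {
      if (/^[|>]/.test(runMatch[1])) runIndent = indent; // block scalar follows
      else checkExpression(runMatch[1], line, findings);
    }
  });

  const rules = new Set(findings.map(f => f.rule));
  const verdict = rules.has('risky-trigger') && rules.size > 1 ? 'critical'
                : rules.size > 0 ? 'warning' : 'clean';
  return { findings, verdict };
}

// Constructed sample modelled on the behaviour described in the article:
// fire on every new Discussion, run its body as a command on a self-hosted runner.
const DISCUSSION_RUNNER_WORKFLOW = `name: Discussion handler
on:
  discussion:
    types: [created]
jobs:
  handle:
    runs-on: self-hosted
    steps:
      - run: \${{ github.event.discussion.body }}
`;

// Constructed sample of the classic pull_request_target misconfiguration:
// privileged trigger plus checkout of the untrusted PR head, then npm install.
const PR_TARGET_WORKFLOW = `name: PR build
on: [pull_request_target]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: \${{ github.event.pull_request.head.sha }}
      - run: npm install && npm test
`;

// Constructed sample that should produce no findings.
const SAFE_WORKFLOW = `name: CI
on: [pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci --ignore-scripts && npm test
`;

for (const [name, wf] of Object.entries({ DISCUSSION_RUNNER_WORKFLOW, PR_TARGET_WORKFLOW, SAFE_WORKFLOW })) {
  const { findings, verdict } = auditWorkflow(wf);
  console.log(`${name}: ${verdict}`);
  for (const f of findings) console.log(`  line ${f.line}: ${f.rule} (${f.detail})`);
}
```

To use it against a real repository, read each file under `.github/workflows/` and pass its contents to `auditWorkflow`; anything rated critical deserves a manual look, and a self-hosted runner you did not register yourself should be treated as a compromise indicator rather than a misconfiguration.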
The attack highlights a concerning reality: a single misconfiguration can turn a repository into "patient zero" for a fast-spreading assault. It gives an adversary the chance to inject malicious code into far-reaching automated pipelines, multiplying the attack's reach and impact. This potential for rapid proliferation is what makes Shai-Hulud particularly dangerous: starting from a single compromised maintainer account or malicious install script, it can ripple through thousands of downstream projects in a matter of hours.
Data Exfiltration and Impact
Shai-Hulud does not target repository integrity alone. It also siphons sensitive information from infected machines, and the campaign has already leaked hundreds of GitHub access tokens and other credentials. Much of this material consists of credentials for the major cloud providers, including Amazon Web Services (AWS), Google Cloud, and Microsoft Azure.
A GitGuardian analysis gives a sense of the breach's scale. GitGuardian examined 4,645 GitHub repositories and found 11,858 distinct secrets; as of November 24, 2025, 2,298 of those secrets were still valid and publicly exposed. More than 5,000 text files containing exfiltrated secrets had been uploaded to GitHub. The situation underscores the immediate need for developers to harden their systems.
The attack has already hit projects linked to AsyncAPI, PostHog, and Postman, and the threat keeps evolving almost as fast as defenders can adapt. Developers who installed the trojanized packages are exposed to theft of sensitive data, including API keys, npm tokens, and GitHub tokens.
Spread Beyond npm
Shai-Hulud was originally built to operate entirely within the JavaScript/npm ecosystem. It has since extended its reach, backdooring more than 830 packages in the npm registry and spreading into the Maven ecosystem. This shift shows how adaptable the attack is, and developers who depend on these package ecosystems need to stay on constant watch.
Shai-Hulud incidents do not depend on zero-day vulnerabilities. That is troubling in itself, but more importantly, the attack exploits gaps that are rarely monitored or well protected. Threat actors frequently gain unauthorized access to npm maintainer accounts, which lets them publish trojanized versions of legitimate packages and endangers users who have no idea they have installed harmful software.