Security News Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub BleepingComputer Daniel Bender 24 Nov 2025 Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign.
