Shai-Hulud 2.0 Credential Leak Hits Zapier, PostHog and Postman — User Data At Risk

Hulud 2.0,' has created a severe supply chain crisis, compromising key platforms like Zapier, PostHog, and Postman.
GitHub

Postman Api Download – Collaborate and Automate API Workflows

Postman API is a powerful and widely-used platform for API development, testing, and collaboration. It allows developers to design, mock, debug, and automate API workflows in a user-friendly ...
GitHub

Postman MCP Server

The Postman MCP Server connects Postman to AI tools, giving AI agents and assistants the ability to access workspaces, manage collections and environments, evaluate APIs, and automate workflows ...

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
CSO Online

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, ...

Shai-Hulud 2: New version of NPM worm also attacks low-code platforms

The attackers have learned from their mistakes and have now developed a more aggressive version of the worm. It has already ...
Security Boulevard

Shai-Hulud: The Second Coming

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...
The Register on MSN

Shai-Hulud worm returns, belches secrets to 25K GitHub repos

Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days A ...