Home / Security updates / Sha1-Hulud (2.0) NPM Supply Chain Attack - Investigating

Sha1-Hulud (2.0) NPM Supply Chain Attack - Investigating

Security updates detail rendered from /security-updates/upd_392a6fe4b981cb68.

Overview

Field	Value
id	upd_392a6fe4b981cb68
providerId	safebase
organizationId	org_423518d2d710f6f7
trustCenterId	tc_58ffdd9614680cb2
title	Sha1-Hulud (2.0) NPM Supply Chain Attack - Investigating
message	A new Shai-Hulud-linked npm supply-chain campaign (“Sha1-Hulud”) is compromising major packages to exfiltrate development secrets and sensitive project files. The blast radius is large and the attack is accelerating, thanks to cross-victim exfiltration and a new preinstall-phase malware variant. Our internal investigation is ongoing but as of this writing, Wiz has not identified any evidence indicating its own product or systems are affected. Please continue to monitor the Wiz Threat Center for detection and mitigation guidance. See also [this post](https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack) with details on Wiz's public blog.
url	-
publishedAt	2025-11-24
source	{ "field": "statuspage/public/compliance-update", "category": "general" }
company	{ "id": "org_423518d2d710f6f7", "name": "Wiz", "domains": [ "trust.wiz.io", "wiz.io" ] }
trust_center	{ "id": "tc_58ffdd9614680cb2", "name": "Wiz", "url": "https://trust.wiz.io", "host": "trust.wiz.io" }
provider	{ "id": "safebase", "name": "SafeBase" }
links	{ "self": "/v1/security-updates/upd_392a6fe4b981cb68", "company": "/v1/companies/org_423518d2d710f6f7", "trust_center": "/v1/trust-centers/tc_58ffdd9614680cb2", "provider": "/v1/providers/safebase" }

Get this page with API

Rendered from the bluedoor Trust Centers API. Reproduce it:

GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_392a6fe4b981cb68JSON