Shai Hulud 2.0 Compromises 1,200+ Organizations, Exposing Critical Runtime Secrets


The Shai Hulud 2.0 worm, first detected on November 24, 2025, has compromised nearly 1,200 organizations, including major banks, government bodies, and Fortune 500 technology firms.

While initial reports described it as a simple npm supply chain attack that flooded GitHub with spam repositories, new analysis reveals a far more sophisticated operation.

Entro Security researchers observed that the malware did not just create noise; it successfully exfiltrated sensitive runtime memory and credentials from deep within corporate CI/CD pipelines.

Early analysis focused on the thousands of attacker-controlled GitHub repositories generated by the worm. However, researchers at Entro Security have confirmed that these repositories were merely the “collection layer” for a much larger heist.

The true damage occurred inside the victim environments themselves: developer endpoints, cloud build servers, and self-hosted GitHub runners, where the malware executed its payload scripts during the “preinstall” phase of the compromised npm packages.
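Because the payload ran from an npm lifecycle hook, the first thing a practitioner wants is an inventory of every installed package that declares one. The following is an added example, not code from Entro Security or from the worm; it assumes a standard node_modules layout (node_modules/<pkg>/package.json) and builds a constructed sample tree so it runs offline. The hook names and the "suspicious" keyword list are generic heuristics, not indicators taken from the article.

```python
"""Audit an installed node_modules tree for npm lifecycle hooks (added example)."""
import json
import tempfile
from pathlib import Path

# Hooks npm runs automatically during install. "preinstall" is the phase the
# article names; the others are included because they run unattended too.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Substrings in a hook command that warrant immediate human review (heuristic).
SUSPICIOUS_HINTS = ("curl ", "wget ", "bash ", "sh ", "node ", "eval", "base64")


def audit_node_modules(root: Path) -> list[dict]:
    """Return one record per package whose package.json declares a lifecycle hook."""
    findings = []
    for pkg_json in sorted(root.rglob("package.json")):
        try:
            meta = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip rather than abort the audit
        scripts = meta.get("scripts") or {}
        hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
        if not hooks:
            continue
        suspicious = any(
            hint in cmd for cmd in hooks.values() for hint in SUSPICIOUS_HINTS
        )
        findings.append({
            "name": meta.get("name", "?"),
            "version": meta.get("version", "?"),
            "path": str(pkg_json.parent.relative_to(root)),
            "hooks": hooks,
            "suspicious": suspicious,
        })
    return findings


def build_sample_tree(base: Path) -> Path:
    """Constructed fixture: two hook-free packages and one with a preinstall hook.

    Package names and the hook command are hypothetical.
    """
    root = base / "node_modules"
    packages = {
        "left-pad-ish": {"name": "left-pad-ish", "version": "1.0.0",
                         "scripts": {"test": "node test.js"}},  # not a lifecycle hook
        "harmless-lib": {"name": "harmless-lib", "version": "2.3.1"},
        "hooked-pkg": {"name": "hooked-pkg", "version": "0.0.9",
                       "scripts": {"preinstall": "node install-hook.js"}},
    }
    for name, meta in packages.items():
        (root / name).mkdir(parents=True)
        (root / name / "package.json").write_text(json.dumps(meta), encoding="utf-8")
    return root


def run_demo() -> list[dict]:
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_node_modules(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    for f in run_demo():
        flag = "REVIEW" if f["suspicious"] else "info"
        print(f"[{flag}] {f['name']}@{f['version']} ({f['path']}): {f['hooks']}")
```

Point it at a real project with `audit_node_modules(Path("node_modules"))`. For CI runners, the stronger control is to install with `npm ci --ignore-scripts` (or `ignore-scripts=true` in .npmrc) so no hook runs unattended, then build only the packages whose hooks you have reviewed.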

Instead of just scraping static files, Shai Hulud 2.0 captured full runtime environments. Entro Security's analysis found that the generated artifacts, such as environment.json, contained double-base64-encoded memory snapshots.

Figure: Shai Hulud 2.0 double-encoded memory snapshots

These snapshots allowed attackers to reconstruct the exact state of compromised machines, granting them access to in-memory secrets that never appeared in code repositories.
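When an incident responder recovers one of these artifacts, the job is to decode it and turn it into a rotation list. The following is an added example, not Entro Security's tooling or any code from the worm. It assumes the artifact is one base64 string wrapping a base64-encoded JSON object of environment variables (the exact on-disk layout is an assumption), and the sample snapshot is constructed with obviously fake credential shapes.

```python
"""Decode a double-base64 environment snapshot and flag secrets (added example)."""
import base64
import json
import re

# Constructed sample of what a captured runner environment might look like.
# Hostname and all credential values are fake.
SAMPLE_ENV = {
    "HOME": "/home/runner",
    "HOSTNAME": "build-runner-01.corp.example",
    "GITHUB_TOKEN": "ghp_" + "A" * 36,
    "AWS_ACCESS_KEY_ID": "AKIA" + "0" * 16,
    "AWS_SECRET_ACCESS_KEY": "x" * 40,
    "SLACK_BOT_TOKEN": "xoxb-000000000000-000000000000-" + "a" * 24,
}

# Value shapes that identify a credential type regardless of the variable name.
SECRET_PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[abpr]-[A-Za-z0-9-]{10,}\b"),
}
# Fallback: the name alone says this value should be rotated.
SENSITIVE_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PRIVATE_KEY|API_KEY", re.I)


def double_b64_encode(obj) -> str:
    """Build an artifact the way the text describes it: base64(base64(json))."""
    inner = base64.b64encode(json.dumps(obj).encode()).decode()
    return base64.b64encode(inner.encode()).decode()


def decode_layers(blob: str, max_layers: int = 4):
    """Peel base64 layers until JSON appears; returns (object_or_text, layers)."""
    data = blob.strip().encode()
    layers = 0
    while layers < max_layers:
        try:
            data = base64.b64decode(data, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            break
        layers += 1
        try:
            return json.loads(data), layers
        except ValueError:  # not JSON yet, try another layer
            continue
    return data.decode("utf-8", "replace"), layers


def find_secrets(env: dict) -> list[tuple[str, str]]:
    """Classify each variable by credential shape, else by sensitive name."""
    hits = []
    for name, value in env.items():
        if not isinstance(value, str):
            continue
        label = next((l for l, p in SECRET_PATTERNS.items() if p.search(value)), None)
        if label is None and SENSITIVE_NAME.search(name):
            label = "sensitive_name"
        if label:
            hits.append((name, label))
    return hits


def redact(value: str) -> str:
    """Keep just enough of a secret to correlate with a rotation ticket."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def triage_artifact(blob: str) -> dict:
    """Decode an artifact and return what a responder needs: host and rotation list."""
    decoded, layers = decode_layers(blob)
    if not isinstance(decoded, dict):
        return {"layers": layers, "env_vars": 0, "hostname": None, "findings": []}
    return {
        "layers": layers,
        "env_vars": len(decoded),
        "hostname": decoded.get("HOSTNAME"),
        "findings": find_secrets(decoded),
    }


if __name__ == "__main__":
    artifact = double_b64_encode(SAMPLE_ENV)
    report = triage_artifact(artifact)
    env = decode_layers(artifact)[0]
    print(f"{report['layers']} base64 layers, {report['env_vars']} variables, "
          f"host={report['hostname']}")
    for name, label in report["findings"]:
        print(f"  ROTATE {name} [{label}] = {redact(env[name])}")
```

The hostname and tenant-style values are what let Entro attribute artifacts to organizations; the findings list is the rotation backlog. Only ever print redacted values from a tool like this, since the decoded snapshot is itself a copy of live credentials.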

The scale of the compromise is staggering. Entro researchers identified 1,195 distinct organizations by analyzing email domains, internal hostnames, and tenant identifiers found in the exfiltrated data.

Figure: Organizations impacted (Credits: Entro)

Technology and SaaS companies suffered the most from the attack, representing over half of the identified victims.

Industry sector                  Compromised organizations
Technology / SaaS                647
Financial Services & Banking      53
Healthcare                        38
Insurance                         26
Media                             21
Telecom                           20
Logistics                         15

Two specific examples highlight the severity of the breach. The first involved one of the world’s largest semiconductor companies, where a self-hosted GitHub Actions runner was compromised.

The decoded memory dump exposed active GitHub Personal Access Tokens and internal hostnames, proving the attackers had valid entry points into the company’s internal infrastructure.

The second victim was a Tier-1 digital asset custody provider. In this case, the malware struck a GitLab CI pipeline. The exfiltrated data included live AWS secret keys, blockchain production tokens, and Slack API keys.

Critically, scans conducted on November 27, three days after the initial disclosure, revealed that some of these high-value credentials, including Google Cloud Service Account keys, were still valid and had not been revoked.

The GitHub repositories associated with Shai Hulud 2.0 are being removed, but the stolen credentials remain in the attacker’s hands. The campaign demonstrates that any environment where code is executed, whether a local laptop or a cloud-based CI runner, is a potential target for memory scraping.

With valid secrets still circulating days after the attack, organizations are urged to rotate all non-human identities (CI tokens, cloud access keys, service-account keys, chat and API tokens) and to treat any runtime environment that installed the affected packages as fully compromised. Rotate from a clean host: a runner that has not been rebuilt may still hold the payload and capture the replacement secrets.
