A devastating credential leak, known as 'Shai-Hulud 2.0,' has put users of widely used platforms like Zapier, PostHog, and Postman at risk.

The digital landscape is once again shaking as a new iteration of a major credential leak—dubbed 'Shai-Hulud 2.0'—has surfaced. This widespread credential leak has reportedly affected several massive platforms, putting vast amounts of user data at immediate risk.

The Scale of the Breach

The second Shai-Hulud attack, which struck last week, compromised hundreds of packages within the NPM (Node Package Manager) registry. This wide-ranging infection enabled the theft of an estimated 400,000 raw secrets, which the attackers then exposed by publishing the stolen data across 30,000 GitHub repositories.

Although the open-source scanning tool TruffleHog could verify only approximately 10,000 of the exposed secrets as immediately valid, researchers at the cloud security platform Wiz noted a far more critical issue. They found that, as of 1st December, more than 60% of the leaked NPM tokens themselves remained active and usable.

The threat has successfully compromised hundreds of packages, specifically affecting well-known projects from AsyncAPI, Zapier, PostHog, and Postman. This critical information comes from a report by Elastic, an open-source platform that specialises in search, security, and observability solutions.

How the Payload Spread

The Shai-Hulud threat first appeared in mid-September. It began by breaching 187 NPM packages using a payload designed to spread itself. This malicious code worked by first using TruffleHog to find account tokens, then injecting a harmful script into the packages, and finally automatically releasing the corrupted versions onto the platform.

During the second attack, the malware escalated its impact, affecting over 800 packages (when counting every infected version). Notably, this updated version also included a destructive feature: a mechanism that could erase the victim's home directory under specific conditions.

Inventory of Exposed Data

Researchers at Wiz, who analysed the secrets leak spread across 30,000 GitHub repositories by the Shai-Hulud 2.0 attack, identified a clear inventory of exposed data.

They discovered that approximately 70% of the repositories contained a contents.json file holding GitHub usernames, tokens, and file snapshots. Furthermore, half of the repositories featured the truffleSecrets.json file, which detailed TruffleHog scan results.

A large majority—80%—hosted the environment.json file, revealing OS information, CI/CD metadata, npm package metadata, and GitHub credentials. Finally, 400 repositories specifically hosted the actionsSecrets.json file, exposing GitHub Actions workflow secrets.

The Threat of Active Credentials

Wiz observed that the malware ran TruffleHog without the essential '--only-verified' flag. Without that verification step, the headline count of 400,000 exposed secrets includes every string that merely matches a known credential format, and most of those are likely no longer active or usable.

However, Wiz clarified that while this raw data is 'extremely noisy' and requires significant cleaning efforts, it still includes hundreds of valid credentials. These usable secrets cover cloud, NPM tokens, and VCS credentials.

The company explained: 'To date, these credentials pose an active risk of further supply chain attacks. For example, we observe that over 60% of leaked NPM tokens are still valid.'
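The distinction Wiz draws above, between a string that merely matches a known credential format and one confirmed live, is what TruffleHog's --only-verified flag enforces. The following is an added illustration written for this article, not code from Wiz, TruffleHog or the article itself: it counts format matches in a constructed dump and then narrows them with a pluggable verifier. The token shapes (npm_ and ghp_ prefixes followed by 36 characters) are assumptions based on public npm and GitHub token conventions, and the verifier here is a stand-in set rather than a live API call.

```javascript
// Added example: "looks like a token" versus "confirmed live".
// Token shapes are assumed from public npm/GitHub conventions.
const TOKEN_FORMATS = [
  { name: 'npm-token', pattern: /\bnpm_[A-Za-z0-9]{36}\b/g },
  { name: 'github-pat', pattern: /\bghp_[A-Za-z0-9]{36}\b/g },
];

// Collect every substring that merely matches a credential format.
// This is the "raw" count an unverified scan reports.
function findFormatMatches(text) {
  const hits = [];
  for (const { name, pattern } of TOKEN_FORMATS) {
    for (const m of text.matchAll(pattern)) {
      hits.push({ type: name, value: m[0] });
    }
  }
  return hits;
}

// verify(hit) stands in for a live check against the issuer; a real run
// would call the npm or GitHub API with the candidate token and treat
// only an accepted token as verified.
function triage(text, verify) {
  const raw = findFormatMatches(text);
  const verified = raw.filter(verify);
  return { rawCount: raw.length, verifiedCount: verified.length, verified };
}

// Constructed sample dump (hypothetical values, not leaked data): four
// strings match a format, but the stand-in verifier accepts only one.
const SAMPLE_DUMP = [
  'NPM_TOKEN=npm_' + 'a'.repeat(36),
  'old: npm_' + 'b'.repeat(36),
  'GH=ghp_' + 'c'.repeat(36),
  'note ghp_' + 'd'.repeat(36) + ' revoked last week',
].join('\n');
const LIVE_SET = new Set(['npm_' + 'a'.repeat(36)]);
const stubVerify = (hit) => LIVE_SET.has(hit.value);

const result = triage(SAMPLE_DUMP, stubVerify);
console.log(`${result.rawCount} format matches, ${result.verifiedCount} verified`);
```

In a real triage of leaked repositories the verifier is the expensive step, which is why the raw 400,000 figure and the roughly 10,000 verified secrets differ so sharply; the defender's priority list is the verified subset, and every token in it should be revoked and rotated.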

An examination of 24,000 environment.json files revealed that around half of this data was unique. Researchers determined that 23% of the files originated from developer machines, while the remaining files came from CI/CD runners and similar infrastructure.

Infection Landscape: Systems and Platforms

The researchers' findings indicate that 87% of compromised machines were Linux systems. Furthermore, 76% of the infections occurred within containers. In terms of CI/CD platform usage, GitHub Actions was by far the most impacted, with Jenkins, GitLab CI, and AWS CodeBuild following.

When examining the infection distribution, Wiz researchers found that the most frequently compromised package was @postman/tunnel-agent@0.6.7. This was closely followed by @asyncapi/specs@6.8.3. Together, these two packages were responsible for over 60% of all reported infections.

Containment and Infection Vectors

The researchers highlight that the overall Shai-Hulud impact might have been substantially lessened if a few key packages had been quickly identified and neutralised early in the attack cycle. Looking at the infection pattern, they found that a massive 99% of instances stemmed from the pre-install event, which ran node setup_bun.js.

The small number of observed exceptions was likely an attempt to test the malware. Wiz anticipates that the individuals responsible for Shai-Hulud will continue to improve and refine their methods. The company predicts that new waves of attacks will appear soon, possibly utilising the vast collection of credentials they have already gathered.