Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
The Hacker News
Actively Exploited
Summary
The Shai-Hulud supply chain attack has escalated, now affecting the Maven ecosystem after previously compromising over 830 npm packages. The identified package, org.mvnpm:posthog-node:4.18.1, contains malicious components that pose significant risks to software security.
Impact
Affected products include the Maven Central package org.mvnpm:posthog-node version 4.18.1.
In the Wild
Yes
Timeline
Ongoing since the initial npm compromise and now expanded to Maven.
Remediation
Users are advised to remove the compromised package and monitor the Maven Central repository for updates regarding this vulnerability.
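One way to check a Maven project for the coordinate named above, as an added example that is not part of the original advisory: it inspects a POM (resolving `${property}` versions) and the text output of `mvn dependency:tree`, which also surfaces transitive pulls. The function names and the sample POM and tree output are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Coordinate taken from the advisory text.
BAD = ("org.mvnpm", "posthog-node", "4.18.1")

# Constructed sample inputs (not from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><posthog.version>4.18.1</posthog.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.mvnpm</groupId>
      <artifactId>posthog-node</artifactId>
      <version>${posthog.version}</version>
    </dependency>
  </dependencies>
</project>"""
SAMPLE_TREE = """[INFO] com.example:app:jar:1.0.0
[INFO] +- org.slf4j:slf4j-api:jar:2.0.9:compile
[INFO] \\- com.example:ui:jar:1.0.0:compile
[INFO]    \\- org.mvnpm:posthog-node:jar:4.18.1:compile"""

def _local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on POM element names.
    return tag.rsplit("}", 1)[-1]

def scan_pom(pom_xml):
    """True if the POM declares the flagged groupId:artifactId:version."""
    props, deps = {}, []
    for el in ET.fromstring(pom_xml).iter():
        if _local(el.tag) == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in el})
        elif _local(el.tag) == "dependency":
            deps.append({_local(c.tag): (c.text or "").strip() for c in el})
    for d in deps:
        version = d.get("version", "")
        ref = re.fullmatch(r"\$\{(.+)\}", version)
        if ref:  # version given as a ${property} reference
            version = props.get(ref.group(1), version)
        if (d.get("groupId"), d.get("artifactId"), version) == BAD:
            return True
    return False

def scan_dependency_tree(text):
    """Lines of `mvn dependency:tree` output that resolve to the flagged version."""
    hits = []
    for line in text.splitlines():
        for token in re.findall(r"[\w.\-]+(?::[\w.\-]+){3,5}", line):
            parts = token.split(":")  # group:artifact:type[:classifier]:version[:scope]
            if tuple(parts[:2]) == BAD[:2] and BAD[2] in parts[2:]:
                hits.append(line.strip())
    return hits
```

A POM scan alone misses transitive dependencies and versions inherited from a parent POM, so the resolved tree is the more reliable of the two checks.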