Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

Severity: Medium
Type: Vulnerability
Published: Wed Nov 26 2025 (11/26/2025, 18:08:00 UTC)
Source: The Hacker News

Description

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js".

AI-Powered Analysis

AI analysis last updated: 11/26/2025, 18:10:33 UTC

Technical Analysis

The Shai-Hulud v2 campaign is a high-impact supply chain attack on open-source package ecosystems, initially npm and now extending into Maven Central. The attack began by compromising over 830 npm packages, embedding two malicious JavaScript components: "setup_bun.js", a loader, and "bun_environment.js", the main payload. These components backdoor developer environments by injecting rogue GitHub Actions workflows that register victim machines as self-hosted runners, enabling arbitrary command execution triggered through GitHub Discussions.

The malware systematically scans infected machines for sensitive secrets such as API keys, cloud credentials (AWS, Google Cloud, Azure), and npm and GitHub tokens, and exfiltrates them to randomly named public GitHub repositories to evade detection. The campaign also leverages a critical CI/CD misconfiguration, the risky pull_request_target trigger, which allows attacker-supplied code to execute during continuous integration runs.

The Maven compromise occurred via mvnpm, an automated process that rebundles npm packages as Maven artifacts and so unintentionally propagated the infection into the Java ecosystem. The attack has affected over 28,000 repositories and leaked thousands of valid secrets, with over 5,000 files containing exfiltrated data uploaded publicly. The malware runs its core logic under the Bun runtime to conceal it, and this wave raises the infection cap from 20 to 100 packages, increasing the scale of propagation. This worm-like propagation allows a single compromised maintainer account to rapidly amplify the attack's blast radius. The campaign continues prior ecosystem attacks such as the August 2025 S1ngularity campaign and demonstrates evolving attacker sophistication in supply chain compromise.
The incident underscores systemic weaknesses in open-source package publishing, CI/CD pipeline security, and secret management practices, emphasizing the need for improved software supply chain defenses.

Potential Impact

European organizations that develop or consume software relying on npm and Maven packages are at high risk of exposure to this threat. The theft of API keys, cloud credentials, and tokens can lead to unauthorized access to critical cloud infrastructure, data breaches, and lateral movement within corporate networks. Organizations using CI/CD pipelines with GitHub Actions are particularly vulnerable due to the exploitation of workflow misconfigurations, potentially allowing attackers to execute arbitrary code within trusted build environments. The widespread nature of the infection means that many downstream applications and services could be compromised, leading to cascading impacts on software integrity and availability. The exposure of secrets can facilitate further attacks such as ransomware, data exfiltration, and service disruption. Additionally, the stealth and worm-like propagation of the malware increase the difficulty of detection and containment, potentially prolonging exposure and increasing remediation costs. The incident also risks damaging trust in open-source ecosystems widely used across Europe’s technology sectors, including finance, manufacturing, and government services, which rely heavily on these package managers and cloud services.

Mitigation Recommendations

European organizations should immediately rotate all potentially exposed secrets, including API keys, cloud credentials, and tokens associated with npm, Maven, and GitHub accounts. Conduct comprehensive audits of all dependencies to identify and remove compromised package versions, replacing them with verified clean versions. Harden CI/CD pipelines by reviewing GitHub Actions workflows and correcting any that use risky triggers such as pull_request_target and workflow_run in ways that allow untrusted code to execute. Implement strict least-privilege access controls on CI/CD environments and repositories to limit the impact of compromised accounts. Deploy automated secret scanning tools integrated into development workflows and enforce policies to prevent secret leakage. Monitor for unusual GitHub repository activity, especially the creation of public repositories with random names that could be exfiltration targets. Collaborate with package registries and security teams to ensure compromised packages are purged and blocked from rebundling. Educate developers on supply chain risks and secure coding practices. Consider adopting software supply chain security frameworks such as Sigstore for package signing and verification to improve the trustworthiness of dependencies.
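As an added example (not code from the article, Socket, or any affected project), the following Python scanner applies the indicators and checks named above to a local checkout: the two loader/payload filenames, the org.mvnpm:posthog-node:4.18.1 Maven coordinate in pom.xml files, and the pull_request_target/workflow_run triggers in GitHub Actions workflows. The sample checkout it builds is constructed inline for demonstration; the file names and coordinate are taken from the article, everything else is assumed.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
# Indicators from the article (filenames, Maven coordinate) and the risky triggers named above.
MALICIOUS_FILENAMES = {"setup_bun.js", "bun_environment.js"}
COMPROMISED_MAVEN = ("org.mvnpm", "posthog-node", "4.18.1")
RISKY_TRIGGERS = ("pull_request_target", "workflow_run")
WORKFLOW_DIR = ".github/workflows"

def risky_triggers(workflow_text):
    """Risky event names in a workflow, matched by regex (no YAML library needed):
    mapping form 'pull_request_target:' or list form 'on: [push, workflow_run]'."""
    return [t for t in RISKY_TRIGGERS
            if re.search(rf"^\s*{t}\s*:", workflow_text, re.M)
            or re.search(rf"\[[^\]]*\b{t}\b[^\]]*\]", workflow_text)]

def pom_has_compromised_dep(pom_text):
    """True if any <dependency> carries the known-bad coordinate (namespace-agnostic)."""
    for dep in (e for e in ET.fromstring(pom_text).iter() if e.tag.split("}")[-1] == "dependency"):
        v = {c.tag.split("}")[-1]: (c.text or "").strip() for c in dep}
        if (v.get("groupId"), v.get("artifactId"), v.get("version")) == COMPROMISED_MAVEN:
            return True
    return False

def scan_tree(root):
    """Walk a checkout; return sorted (kind, relative_posix_path) findings."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name in MALICIOUS_FILENAMES:
            findings.append(("malicious-file", rel))
        elif rel.startswith(WORKFLOW_DIR) and path.suffix in (".yml", ".yaml"):
            findings += [("risky-trigger", f"{rel}:{t}") for t in risky_triggers(path.read_text(encoding="utf-8"))]
        elif path.name == "pom.xml" and pom_has_compromised_dep(path.read_text(encoding="utf-8")):
            findings.append(("compromised-maven-dep", rel))
    return sorted(findings)

def build_sample_repo():
    """Constructed sample checkout (not real project data) that trips all three checks."""
    root = Path(tempfile.mkdtemp())
    for rel, content in {
        f"{WORKFLOW_DIR}/ci.yml": "on:\n  pull_request_target:\n    types: [opened]\njobs: {}\n",
        "node_modules/posthog-node/setup_bun.js": "// placeholder, not the real loader\n",
        "pom.xml": "<project><dependencies><dependency><groupId>org.mvnpm</groupId><artifactId>"
                   "posthog-node</artifactId><version>4.18.1</version></dependency></dependencies></project>",
    }.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(content, encoding="utf-8")
    return root
```

Run `scan_tree(".")` from a repository root to audit a real checkout; each finding names the file and, for workflows, the trigger that needs review.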


Technical Details

Article source: https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html (fetched 2025-11-26T18:10:08Z, 1464 words)

Threat ID: 692742820de433ec09574d35

Added to database: 11/26/2025, 6:10:10 PM

Last enriched: 11/26/2025, 6:10:33 PM

Last updated: 11/26/2025, 9:34:32 PM