Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

BrianKrebs @briankrebs@infosec.exchange

9/16/2025, 2:11:19 PM

Public

Breaking, new, by me:

Self-replicating "Shai-Hulud" worm hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/

A screenshot of compromised credentials being published as GitHub repositories appended with the name "Shai-Halud."

a picture from the movie "Dune" showing a giant sandworm emerging out of the desert and towering down on two humans below.

If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/briankrebs/statuses/115214377227636758 on your instance and quote it. (Note that quoting is not supported in Mastodon.)