Take that! And rewind it back! We built Rubrik Agent Rewind to help enterprises unleash AI without risk by providing visibility, control, and recovery capabilities for AI agents.
Spyware can be a user’s nemesis. Once a user’s device is infected, spyware can collect a variety of personal and sensitive information, depending on the type of spyware. Here is what you need to know about spyware and how to detect it.
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.
Once again, the npm supply chain has been compromised, putting developers relying on these vital open source components at risk. On November 24th, a sophisticated attack that borrows techniques from the Shai-Hulud malware used in the npm hijacking this past September was discovered. This is not an isolated incident. It’s a continuation of an existing campaign that is now abusing CI/CD pipelines and GitHub automation to spread faster and steal more secrets than before.
Sha1-Hulud has burrowed back into our lives, spreading rapidly and causing more destruction than ever. Named after the famous worm from the Dune franchise, this attack is also impacting global organizations. Since its first widescale spread on September 16, 2025, this worm has demonstrated its ability to propagate rapidly with high impact using the following techniques: This variant includes some new behavior, including.
This is the second in our Retail Resilience series. Check out the first article, "Cyber Risk in UK Retail: A Golden Quarter Under Threat". Threat actors have retail firmly in their sights. High-profile breaches across giants, from Cartier, Co-op and Adidas to Marks & Spencer, underscore just how much is at stake. With sprawling customer data, complex supply chains and relentless digital transformation, the sector is a prime target for sophisticated threat groups.
Our intelligence team has uncovered a fresh escalation in state-sponsored cyber espionage targeting enterprise update infrastructure. A critical remote code execution (RCE) vulnerability in Microsoft Windows Server Update Services (WSUS), designated CVE-2025-59287, is now actively exploited by Chinese-linked advanced persistent threat (APT) groups. These actors leverage the flaw to deploy ShadowPad, a modular backdoor long favored in espionage operations.
On November 24, 2025, researchers identified a renewed supply-chain attack linked to Shai-Hulud malware, revealing that numerous npm packages had been quietly trojanized following the initial wave of malicious activity in September. This second iteration involved compromised versions of popular packages uploaded between November 21, 2025, and November 23, 2025, with additional compromised packages continuing to surface at the time of writing.
Kroll Threat Intelligence is tracking a second wave of ‘Shai-Hulud’ NPM compromises, named as ‘Sha1-Hulud’ (based on the GitHub action name created as well as the public repository description it creates to publish credentials).
Nov 20, 2025. UK Cyber Security Bill: A Mandate for Resilience. Natalie Tischler.
Nov 18, 2025. GPT‑5 Pulls Ahead on Secure Code While Rivals Stall. Natalie Tischler.
Nov 12, 2025. Beyond Your Code: A Guide to Software Supply Chain Risk Management. Natalie Tischler.