The second wave of the Shai-Hulud supply chain attack has
spilled over to the Maven ecosystem after compromising more than
830 packages in the npm registry. The Socket Research Team said it
identified a Maven Central package named
org.mvnpm:posthog-node:4.18.1 that embeds the same two components
associated with Sha1-Hulud: the "setup_bun.js" loader and the main
payload "bun_environment.js." The
Read more https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html
