logo

GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say

ID: 2a7dc550-1067-520f-8839-88907dd59a37

STIX ID: report--2a7dc550-1067-520f-8839-88907dd59a37

Feed Name: The Record from Recorded Future News

Threat Score
78/100

Date Published: 2026-06-16

Date Updated: 2026-06-17

...
...

Recorded Future coverage details how variants of the Shai‑Hulud supply‑chain worm have been linked to hundreds of malicious packages across npm, PyPI and RubyGems, more than 3,000 affected GitHub repositories and over 200 compromised developer accounts; researchers say GitHub design behaviors (client-supplied commit timestamps, forgeable author metadata, and file-size indexing limits) allow the worm to evade detection and impersonate trusted developers, but GitHub classified those reports as ineligible or feature requests.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.