@socket.dev on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Socket

socket.dev

did:plc:n6f3j47vjucu5ijwdmow7n2w

⚠️ Major Update on the Shai Hulud v2 campaign: We’ve confirmed 834 malicious packages and now see spillover into Maven Central. The package org.mvnpm:posthog-node:4.18.1 contains the same Bun-based payload used in the npm compromise. Updated analysis → https://socket.dev/blog/shai-hulud-strikes-again-v2 #Java

2025-11-25T18:43:48.134Z