Upwind Incident Hotline: Live Support for the “Shai Hulud 2.0” NPM Supply Chain Attack
Get immediate answers and hands-on help from Upwind’s MDR team in response to the latest npm supply chain threat.
The “Shai Hulud 2.0” campaign is one of the most aggressive npm supply-chain attacks to date, introducing a fully automated worm that rapidly spreads across maintainers, repositories, and dependency graphs.
More than 25,000 repositories tied to hundreds of developers have already been affected, driven by malicious preinstall scripts, workflow injections, and forced repository migrations used to harvest credentials and republish altered packages at scale.
If you’re unsure whether your pipelines, package dependencies, or workflows have been affected, or just want expert help understanding what to look for, the Upwind team is here.
Our MDR Team is standing by to:
Analyze suspicious behavior across your environments
Help identify potential compromise
Review dependency chains and CI activity for signs of impact
Walk you through Upwind’s real-time detection insights
This is a live response space. Join an open breakout room to get 1:1 support from our MDR team.
You’ll be added to a live Zoom room and a dedicated Slack channel where you can ask questions, share artifacts, and get guidance directly from our experts.
To protect everyone in the security community we will only allow security professionals with approved corporate email address to join the call.