News · The Broadside

GitHub dismissed Shai-Hulud flaw reports, researchers say

The operational problem is less one bug than the platform behavior attackers can still use to hide in plain sight.


TL;DR

The Record reports that GitHub closed two Deep Specter Research submissions as ineligible and not presenting a security risk, even though researchers say Shai-Hulud variants now exploit the flaws. Deep Specter says it found 516 malicious packages live across npm, PyPI, RubyGems and two other ecosystems, plus more than 3,000 affected GitHub repositories and over 200 compromised developer accounts. For teams reviewing software supply chain exposure, the uncomfortable detail is that platform defaults can defeat the history checks defenders rely on.

The Record, citing Deep Specter Research, reports that GitHub rejected two HackerOne submissions about design flaws researchers say are now helping Shai-Hulud variants compromise packages and developer accounts. This is not a clean “GitHub ignored a vuln” story, because design behavior and security vulnerability are often different buckets inside a bug-bounty program. It is, however, a useful warning for anyone treating repository metadata as evidence rather than as attacker-controlled input.

One rejected report concerned GitHub commit timestamps: Deep Specter said whoever pushes code can backdate when it appears to have been added, letting the worm make newly introduced malicious changes look like old routine edits, according to The Record’s account of the researchers’ findings (https://therecord.media/github-dismissed-reports-shai-hulud-deep-specter). Deep Specter also said that GitHub code search does not index files above a certain size threshold, so in its investigation the worm’s roughly 4.6 MB obfuscated payload stayed invisible to automated scanning. Those are not exotic exploit-chain details. They are the kind of platform assumptions that turn a dependency review into theater if the reviewer does not know the blind spots.

CISA warned in 2025 that Shai-Hulud had compromised more than 500 npm packages, targeted GitHub personal access tokens and cloud API keys, and rapidly republished compromised packages through the npm registry (https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem). The practical work has not changed: review dependency trees, rotate developer and cloud credentials where exposure is plausible, audit workflow and repository changes, and do not trust old-looking commits just because they look old. The new point is narrower and worse for defenders: if the platform’s own affordances help malicious changes age themselves into the scenery, compliance evidence based on “recent change” detection needs another control behind it.
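As an added example, not code from The Record, Deep Specter or GitHub, the Python below applies the point of the previous two paragraphs to a constructed `git log` sample: it flags commits whose author date is far older than their committer date, predates their parent, or is far older than an assumed out-of-band first-seen record (a hypothetical push-event log), which is the second control the article says defenders need.

```python
from datetime import datetime, timedelta

# Constructed sample of `git log --format='%H|%P|%aI|%cI|%s'`, newest first.
# Hashes and dates are made up; c3 was authored months before it was committed.
SAMPLE_LOG = """\
c3|c2|2024-01-10T09:00:00+00:00|2024-06-02T14:30:00+00:00|chore: bump deps
c2|c1|2024-05-20T11:00:00+00:00|2024-05-20T11:00:00+00:00|fix: handle null
c1||2024-05-01T08:00:00+00:00|2024-05-01T08:00:00+00:00|initial import
"""

# Hypothetical out-of-band record of when each commit was first observed
# (push-event log, internal mirror). The pusher does not control this clock.
FIRST_SEEN = {
    "c3": datetime.fromisoformat("2024-06-02T14:31:00+00:00"),
    "c2": datetime.fromisoformat("2024-05-20T11:02:00+00:00"),
    "c1": datetime.fromisoformat("2024-05-01T08:05:00+00:00"),
}

MAX_SKEW = timedelta(days=7)  # tolerance for ordinary rebases and cherry-picks

def parse_log(text):
    commits = {}
    for line in text.strip().splitlines():
        sha, parents, adate, cdate, subject = line.split("|", 4)
        commits[sha] = {
            "parents": parents.split(),  # empty string -> [] for a root commit
            "author": datetime.fromisoformat(adate),
            "committer": datetime.fromisoformat(cdate),
            "subject": subject,
        }
    return commits


def suspicious_commits(commits, first_seen, max_skew=MAX_SKEW):
    """Flag commits whose dates disagree; only the first-seen check is pusher-independent."""
    findings = {}
    for sha, c in commits.items():
        reasons = []
        if c["committer"] - c["author"] > max_skew:
            reasons.append("author date far older than committer date")
        for p in c["parents"]:
            if p in commits and c["author"] < commits[p]["committer"]:
                reasons.append(f"author date predates parent {p}")
        seen = first_seen.get(sha)
        if seen is not None and seen - c["author"] > max_skew:
            reasons.append("author date far older than first observation")
        if reasons:
            findings[sha] = reasons
    return findings
```

Every date inside a commit is written by whoever pushes it, so the first two checks only catch careless backdating; the first-seen comparison is the one worth building.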


Published · Deep Fathom