From 932182939cfce4d4c5525fe273d49ed155e4ca9b Mon Sep 17 00:00:00 2001 From: sivanahamer Date: Sat, 15 Nov 2025 23:01:49 -0500 Subject: [PATCH 1/2] Added 2025 attacks --- .../catalog/compromises/2025/nullifAI.md | 20 +++++++++++++++ community/catalog/compromises/2025/qix.md | 23 +++++++++++++++++ .../catalog/compromises/2025/shai-hulud.md | 25 +++++++++++++++++++ community/catalog/compromises/README.md | 3 +++ 4 files changed, 71 insertions(+) create mode 100644 community/catalog/compromises/2025/nullifAI.md create mode 100644 community/catalog/compromises/2025/qix.md create mode 100644 community/catalog/compromises/2025/shai-hulud.md diff --git a/community/catalog/compromises/2025/nullifAI.md b/community/catalog/compromises/2025/nullifAI.md new file mode 100644 index 000000000..534106157 --- /dev/null +++ b/community/catalog/compromises/2025/nullifAI.md @@ -0,0 +1,20 @@ +# nullifAI + +Two malicious pickles were discovered by ReversingLab on February, 2025. +Pickle is a commonly and popularly used used to serialize and deserailize ML model data, supported in platforms such as Hugging Face. +The malware contained a reverse shell that connected to a hardcoded IP address. +Note, that even broken Pickle files could execute malicious code on a developer system. + +## Impact + +* HuggingFace removed the malicious models within 24 hours of disclosure. +* The Picklescan tool was improved to identify threats in “broken” Pickle files. + + +## Type of Compromise + +The attack leveraged the trust of models available in Hugging face. Hence, is a leveraged **Trust and Signing**. + +## References + +* [ReversingLabs](https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face) \ No newline at end of file diff --git a/community/catalog/compromises/2025/qix.md b/community/catalog/compromises/2025/qix.md new file mode 100644 index 000000000..a16a3391c --- /dev/null +++ b/community/catalog/compromises/2025/qix.md 
@@ -0,0 +1,23 @@ +# npm phishing campaign + +In September 2025, an npm maintainer (Qix) was compromised by a phishing email `support [at] npmjs [dot] help` (created three days before the attack). +The adversaries uploaded malicious code to 18 npm packages maintained by the developer, with more than 2 billion downloads per week. +The malware injects itself within the browser, watches for cryptocurrent wallets transfers, rewrites destinations to attacker controlled addresses, hijacks the transactions, and remains stealthy. + +## Impact + +* The compromised versions of the packages were removed within the same day. +* Although the packages compromised were quite popular, the economic impact of the attack was not severe. Only $500 was stolen as of September 9th. +* The attack may have inspired similar campaigns in other package managers such as [crates.io](https://blog.rust-lang.org/2025/09/12/crates-io-phishing-campaign/) and [PyPi](https://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/). + + +## Type of Compromise + +The attack started through **Social Engineering/Phishing Attack**. Then **Attack Chaining** was used to introduce malware within the packages. + +## References + +* [Aikido](https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised) +* [NIST NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-59145) +* [Socket](https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack) +* [Arkham](https://info.arkm.com/research/npm-attack-hacker-javascript-supply-chain-500-2025) \ No newline at end of file diff --git a/community/catalog/compromises/2025/shai-hulud.md b/community/catalog/compromises/2025/shai-hulud.md new file mode 100644 index 000000000..7f18e5fc9 --- /dev/null +++ b/community/catalog/compromises/2025/shai-hulud.md 
@@ -0,0 +1,25 @@ +# Shai-Hulud Self-Replicating Worm + +In September 2025, the "Shai-Hulud" self-replicating worm was discovered by Socket. +After gaining initial access to an account, malware scanned for sensitive credentials which were then exfiltrated. +The credentials were then used to publish new version of packages maintained or could be accessed by the developers. +Hence, users of the package were then infected, and replicating the malware. +The name of the attack comes from the `shai-hulud.yaml`, a reference to the sandworms in Dune. + + +## Impact + +* The compromised npm packages and packages with Indicators of Compromised were removed. +* US Cybersecurity and Infrastructure Security Agency (CISA) released an alert about the attack. +* npm acted to harden publishing by local publishing with required two-factor authentication (2FA), granular tokens with limited lifetime, and trusted publishing. + + +## Type of Compromise + +**Attack Chaining** was used throughout the attack. + +## References + +* [CISA](https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem) +* [GitHub](https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/) +* [Socket](https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages) \ No newline at end of file diff --git a/community/catalog/compromises/README.md b/community/catalog/compromises/README.md index f18356b85..10cd5f2e9 100644 --- a/community/catalog/compromises/README.md +++ b/community/catalog/compromises/README.md 
@@ -29,6 +29,9 @@ of compromise needs added, please include that as well. | Name | Year | Type of compromise | Link | | ----------------- | ------------------ | ------------------ | ----------- | +| [Shai-Hulud](2025/shai-hulud.md) | 2025 | Attack Chaining | [1](https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem) [2](https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages) | +| [npm phishing campaign](2025/qix.md) | 2025 | Social Engineering/Phishing Attack/Attack Chaining | [1](https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised) | +| [nullifAI](2025/nullifAI.md) | 2025 | Trust and Signing | [1](https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face) | | [Solana Web3.js Code Injection](2024/solana_web3js.md) | 2024 | Social Engineering/Phishing Attack | [1](https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads) [2](https://x.com/0xMert_/status/1864069157257613719) | | [Polyfill.io Infrastructure Takeover Leading to Malware Distribution](2024/polyfill.md) | 2024 | Publishing Infrastructure | [1](https://sansec.io/research/polyfill-supply-chain-attack) | | [Malware Disguised as Installer used to target Korean Public Institution](2024/targeted-signed-endoor.md) | 2024 | Trust and Signing | [1](https://asec.ahnlab.com/en/63396/) | From 71c17738fd24e7a77500db21ede714c3af5b8628 Mon Sep 17 00:00:00 2001 From: sivanahamer Date: Sat, 15 Nov 2025 23:12:21 -0500 Subject: [PATCH 2/2] Fix issues from jobs --- community/catalog/compromises/2025/nullifAI.md | 7 +++---- community/catalog/compromises/2025/qix.md | 7 +++---- community/catalog/compromises/2025/shai-hulud.md | 16 +++++++--------- 3 files changed, 13 insertions(+), 17 deletions(-) diff --git a/community/catalog/compromises/2025/nullifAI.md b/community/catalog/compromises/2025/nullifAI.md index 534106157..24cf00239 100644 
--- a/community/catalog/compromises/2025/nullifAI.md +++ b/community/catalog/compromises/2025/nullifAI.md @@ -1,7 +1,7 @@ # nullifAI -Two malicious pickles were discovered by ReversingLab on February, 2025. -Pickle is a commonly and popularly used used to serialize and deserailize ML model data, supported in platforms such as Hugging Face. +Two malicious pickles were discovered by ReversingLab in February, 2025. +Pickle is a commonly and popularly used to serialize and deserialize ML model data, supported in platforms such as Hugging Face. The malware contained a reverse shell that connected to a hardcoded IP address. Note, that even broken Pickle files could execute malicious code on a developer system. @@ -10,11 +10,10 @@ Note, that even broken Pickle files could execute malicious code on a developer * HuggingFace removed the malicious models within 24 hours of disclosure. * The Picklescan tool was improved to identify threats in “broken” Pickle files. - ## Type of Compromise The attack leveraged the trust of models available in Hugging face. Hence, is a leveraged **Trust and Signing**. ## References -* [ReversingLabs](https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face) \ No newline at end of file +* [ReversingLabs](https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face) diff --git a/community/catalog/compromises/2025/qix.md b/community/catalog/compromises/2025/qix.md index a16a3391c..cbc3f8365 100644 --- a/community/catalog/compromises/2025/qix.md +++ b/community/catalog/compromises/2025/qix.md 
@@ -1,8 +1,8 @@ # npm phishing campaign -In September 2025, an npm maintainer (Qix) was compromised by a phishing email `support [at] npmjs [dot] help` (created three days before the attack). +In September 2025, an npm maintainer (Qix) was compromised by a phishing email `support [at] npmjs [dot] help` (created three days before the attack). The adversaries uploaded malicious code to 18 npm packages maintained by the developer, with more than 2 billion downloads per week. -The malware injects itself within the browser, watches for cryptocurrent wallets transfers, rewrites destinations to attacker controlled addresses, hijacks the transactions, and remains stealthy. +The malware injects itself within the browser, watches for cryptocurrency wallets transfers, rewrites destinations to attacker controlled addresses, hijacks the transactions, and remains stealthy. ## Impact @@ -10,7 +10,6 @@ The malware injects itself within the browser, watches for cryptocurrent wallets * Although the packages compromised were quite popular, the economic impact of the attack was not severe. Only $500 was stolen as of September 9th. * The attack may have inspired similar campaigns in other package managers such as [crates.io](https://blog.rust-lang.org/2025/09/12/crates-io-phishing-campaign/) and [PyPi](https://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/). - ## Type of Compromise The attack started through **Social Engineering/Phishing Attack**. Then **Attack Chaining** was used to introduce malware within the packages. 
@@ -20,4 +19,4 @@ The attack started through **Social Engineering/Phishing Attack**. Then **Attack * [Aikido](https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised) * [NIST NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-59145) * [Socket](https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack) -* [Arkham](https://info.arkm.com/research/npm-attack-hacker-javascript-supply-chain-500-2025) \ No newline at end of file +* [Arkham](https://info.arkm.com/research/npm-attack-hacker-javascript-supply-chain-500-2025) diff --git a/community/catalog/compromises/2025/shai-hulud.md b/community/catalog/compromises/2025/shai-hulud.md index 7f18e5fc9..0cdf92b47 100644 --- a/community/catalog/compromises/2025/shai-hulud.md +++ b/community/catalog/compromises/2025/shai-hulud.md 
@@ -1,19 +1,17 @@ # Shai-Hulud Self-Replicating Worm In September 2025, the "Shai-Hulud" self-replicating worm was discovered by Socket. -After gaining initial access to an account, malware scanned for sensitive credentials which were then exfiltrated. -The credentials were then used to publish new version of packages maintained or could be accessed by the developers. -Hence, users of the package were then infected, and replicating the malware. -The name of the attack comes from the `shai-hulud.yaml`, a reference to the sandworms in Dune. - +After gaining initial access to an account, malware scanned for sensitive credentials, which were then exfiltrated. +The credentials were then used to publish a new version of packages that the developers maintained or could access. +Hence, users of the package were then infected and were replicating the malware. +The name of the attack comes from the `shai-hulud.yaml`, a reference to the sandworms in Dune. ## Impact -* The compromised npm packages and packages with Indicators of Compromised were removed. -* US Cybersecurity and Infrastructure Security Agency (CISA) released an alert about the attack. +* The compromised npm packages and packages with Indicators of Compromise were removed. +* The US Cybersecurity and Infrastructure Security Agency (CISA) released an alert about the attack. * npm acted to harden publishing by local publishing with required two-factor authentication (2FA), granular tokens with limited lifetime, and trusted publishing. - ## Type of Compromise **Attack Chaining** was used throughout the attack. 
@@ -22,4 +20,4 @@ The name of the attack comes from the `shai-hulud.yaml`, a reference to the sand * [CISA](https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem) * [GitHub](https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/) -* [Socket](https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages) \ No newline at end of file +* [Socket](https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages)
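Review bot: In the PATCH 1/2 hunk creating `community/catalog/compromises/2025/nullifAI.md`, the vendor name is inconsistent: the opening line says "discovered by ReversingLab" while the References entry links to ReversingLabs; use "ReversingLabs" in both places. In the same hunk, "Two malicious pickles were discovered" reads ambiguously and would be clearer as "Two malicious Pickle-serialized models were discovered", and "Note, that even broken Pickle files could execute malicious code" should drop the comma ("Note that even broken Pickle files ..."), since that sentence carries the key defensive point of the entry: a file that fails to load can still run code during deserialization.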
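Review bot: In the PATCH 1/2 hunk creating `community/catalog/compromises/2025/qix.md`, "a phishing email `support [at] npmjs [dot] help` (created three days before the attack)" leaves unclear what was created three days earlier, the email or the sending domain; state which, as that detail is what a reader would use to recognise a look-alike sender. Also in this hunk, "PyPi" should be "PyPI" (the project's own capitalisation), and the file name `qix.md` does not match the page title "npm phishing campaign"; either rename the file or make the title mention Qix so the two can be matched.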
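Review bot: In the PATCH 1/2 hunk creating `community/catalog/compromises/2025/shai-hulud.md`, the narrative starts at "After gaining initial access to an account" without saying how that access was obtained, yet the entry is classified purely as **Attack Chaining**; add a sentence on the initial access vector from the cited CISA, GitHub or Socket references so the classification is justified by the text, and consider whether the credential-theft step also warrants a second type in "Type of Compromise".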
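Review bot: In the PATCH 1/2 hunk for `community/catalog/compromises/README.md`, the new row `| [npm phishing campaign](2025/qix.md) | 2025 | Social Engineering/Phishing Attack/Attack Chaining | ...` is ambiguous because the existing type name "Social Engineering/Phishing Attack" already contains a slash (compare the Solana Web3.js row two lines below), so a reader cannot tell where one type ends and the next begins; separate the two types with a comma or "and" instead. Also note the Shai-Hulud row lists two links while `shai-hulud.md` lists three references; either is fine, but the GitHub post is the one describing npm's hardening changes and may be the more useful link here.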
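Review bot: In the PATCH 2/2 hunk `@@ -1,7 +1,7 @@` for `nullifAI.md`, the fix removes the doubled "used" but the sentence is still missing its noun: `+Pickle is a commonly and popularly used to serialize and deserialize ML model data, ...` should read "Pickle is a commonly used format for serializing and deserializing ML model data, supported on platforms such as Hugging Face." The other changed line, "in February, 2025", should drop the comma ("in February 2025").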
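Review bot: In the PATCH 2/2 hunk `@@ -10,11 +10,10 @@` for `nullifAI.md`, the context line "The attack leveraged the trust of models available in Hugging face. Hence, is a leveraged **Trust and Signing**." is left ungrammatical; suggest "The attack leveraged the trust placed in models hosted on Hugging Face. Hence, it is classified as **Trust and Signing**." This also fixes the capitalisation, since the file otherwise uses "Hugging Face" and "HuggingFace" for the same platform; pick one spelling throughout.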
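Review bot: In the PATCH 2/2 hunk `@@ -1,8 +1,8 @@` for `qix.md`, the corrected line `+The malware injects itself within the browser, watches for cryptocurrency wallets transfers, rewrites destinations to attacker controlled addresses, ...` still needs "cryptocurrency wallet transfers" and the hyphenated "attacker-controlled addresses". The first `-`/`+` pair in this hunk shows no visible difference, so it is presumably a trailing-whitespace change; worth confirming that is all it is, since the PR description ("Fix issues from jobs") does not say.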
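Review bot: In the PATCH 2/2 hunk `@@ -1,19 +1,17 @@` for `shai-hulud.md`, several rewritten lines still read awkwardly: "publish a new version of packages that the developers maintained or could access" should be "publish new versions of packages that the developers maintained or could access"; "users of the package were then infected and were replicating the malware" should be "users of those packages were then infected, further replicating the malware"; and "comes from the `shai-hulud.yaml`" needs "file" after the code span. The Impact line "npm acted to harden publishing by local publishing with required two-factor authentication (2FA), granular tokens with limited lifetime, and trusted publishing" is hard to parse; suggest "npm hardened publishing by requiring 2FA for local publishing, issuing granular tokens with limited lifetimes, and introducing trusted publishing", which also makes clear these are three separate mitigations.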