Added 2025 attacks

community/catalog/compromises/2025/nullifAI.md

@@ -0,0 +1,19 @@
+# nullifAI
+
+Two malicious pickles were discovered by ReversingLab in February, 2025.
+Pickle is a commonly and popularly used to serialize and deserialize ML model data, supported in platforms such as Hugging Face.
+The malware contained a reverse shell that connected to a hardcoded IP address.
+Note, that even broken Pickle files could execute malicious code on a developer system.
+
+## Impact
+
+* HuggingFace removed the malicious models within 24 hours of disclosure.
+* The Picklescan tool was improved to identify threats in “broken” Pickle files.
+
+## Type of Compromise
+
+The attack leveraged the trust of models available in Hugging face. Hence, is a leveraged **Trust and Signing**.
+
+## References
+
+* [ReversingLabs](https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face)

community/catalog/compromises/2025/qix.md

@@ -0,0 +1,22 @@
+# npm phishing campaign
+
+In September 2025, an npm maintainer (Qix) was compromised by a phishing email `support [at] npmjs [dot] help` (created three days before the attack).
+The adversaries uploaded malicious code to 18 npm packages maintained by the developer, with more than 2 billion downloads per week.
+The malware injects itself within the browser, watches for cryptocurrency wallets transfers, rewrites destinations to attacker controlled addresses, hijacks the transactions, and remains stealthy.
+
+## Impact
+
+* The compromised versions of the packages were removed within the same day.
+* Although the packages compromised were quite popular, the economic impact of the attack was not severe. Only $500 was stolen as of September 9th.
+* The attack may have inspired similar campaigns in other package managers such as [crates.io](https://blog.rust-lang.org/2025/09/12/crates-io-phishing-campaign/) and [PyPi](https://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/).
+
+## Type of Compromise
+
+The attack started through **Social Engineering/Phishing Attack**. Then **Attack Chaining** was used to introduce malware within the packages.
+
+## References
+
+* [Aikido](https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised)
+* [NIST NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-59145)
+* [Socket](https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack)
+* [Arkham](https://info.arkm.com/research/npm-attack-hacker-javascript-supply-chain-500-2025)

community/catalog/compromises/2025/shai-hulud.md

@@ -0,0 +1,23 @@
+# Shai-Hulud Self-Replicating Worm
+
+In September 2025, the "Shai-Hulud" self-replicating worm was discovered by Socket.
+After gaining initial access to an account, malware scanned for sensitive credentials, which were then exfiltrated.
+The credentials were then used to publish a new version of packages that the developers maintained or could access.
+Hence, users of the package were then infected and were replicating the malware.
+The name of the attack comes from the `shai-hulud.yaml`, a reference to the sandworms in Dune.
+
+## Impact
+
+* The compromised npm packages and packages with Indicators of Compromise were removed.
+* The US Cybersecurity and Infrastructure Security Agency (CISA) released an alert about the attack.
+* npm acted to harden publishing by local publishing with required two-factor authentication (2FA), granular tokens with limited lifetime, and trusted publishing.
+
+## Type of Compromise
+
+**Attack Chaining** was used throughout the attack.
+
+## References
+
+* [CISA](https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem)
+* [GitHub](https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/)
+* [Socket](https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages)

community/catalog/compromises/README.md

@@ -29,6 +29,9 @@ of compromise needs added, please include that as well.
 <!-- cSpell:disable -->
 | Name              | Year               | Type of compromise    | Link        |
 | ----------------- | ------------------ | ------------------    | ----------- |
+| [Shai-Hulud](2025/shai-hulud.md) | 2025 | Attack Chaining | [1](https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem) [2](https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages) |
+| [npm phishing campaign](2025/qix.md) | 2025 | Social Engineering/Phishing Attack/Attack Chaining | [1](https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised) |
+| [nullifAI](2025/nullifAI.md) | 2025 | Trust and Signing | [1](https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face) |
 | [Solana Web3.js Code Injection](2024/solana_web3js.md) | 2024 | Social Engineering/Phishing Attack | [1](https://www.reversinglabs.com/blog/malware-found-in-solana-npm-library-with-50m-downloads) [2](https://x.com/0xMert_/status/1864069157257613719) |
 | [Polyfill.io Infrastructure Takeover Leading to Malware Distribution](2024/polyfill.md) | 2024 | Publishing Infrastructure | [1](https://sansec.io/research/polyfill-supply-chain-attack) |
 | [Malware Disguised as Installer used to target Korean Public Institution](2024/targeted-signed-endoor.md) | 2024 | Trust and Signing | [1](https://asec.ahnlab.com/en/63396/) |