Statement on MD-2025-0915 Shai-Hulud Vulnerability

Statement on MD-2025-0915 Shai-Hulud Vulnerability #

September 15, 2025

Information #

The Shai-Hulud Vulnerability is a self-replicating malware worm that targets the Node Package Manager (NPM) Supply Chain.

For additional information, please refer to:

CISA - Widespread Supply Chain Compromise Impacting npm Ecosystem

Response #

Melissa Data Corporation (“Melissa”) was not impacted by the Shai-Hulud vulnerability as we do not utilize any of the affected packages for any Melissa commercial web services or products.

Melissa has performed a thorough investigation of both in-house built APIs, web interfaces, and vendor supplied solutions; and will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.

Statement on MD-2025-0915 Shai-Hulud Vulnerability

Contents

Statement on MD-2025-0915 Shai-Hulud Vulnerability #

Information #

Risk #

Response #

Statement on MD-2025-0915 Shai-Hulud Vulnerability

Contents

Statement on MD-2025-0915 Shai-Hulud Vulnerability#

Information#

Risk#

Response#

Statement on MD-2025-0915 Shai-Hulud Vulnerability #

Information #

Risk #

Response #