The “Shai-Hulud 2.0” Campaign
Since November 23rd, a major supply chain attack, named "Shai-Hulud 2.0", has been developing. This attack was quickly documented by major software and security players, notably GitLab on November 24th (https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/) and CERT-FR on November 27th (https://www.cert.ssi.gouv.fr/actualite/CERTFR-2025-ACT-051/). This attack spreads by compromising packages used as dependencies by many software solutions.
Impact of Shai-Hulud 2.0 on Centreon
To date, Centreon has detected no evidence of compromise to its source code. Furthermore, no official update to our solutions has been published since the beginning of the attack. Centreon has therefore not served as a vector of compromise for the Shai-Hulud 2.0 attack.
Preventive Actions Taken by Centreon
Despite the absence of a direct impact, and given the scale of the attack, Centreon has taken precautionary measures:
- Rotation of secrets: We have rotated all secrets used for the development of our solutions.
- New GPG key: We have generated a new GPG key to reinforce the guarantee that the packages we deliver originate exclusively from Centreon.
Recommendations for Our Users
All Centreon users must integrate the new GPG key by following the key rotation procedure: https://docs.centreon.com/docs/security/key-rotation/. This procedure contains instructions for importing the new GPG key and for verifying available GPG keys. No new installation or update can be carried out until the procedure has been completed.
We encourage our entire community to read and apply the recommendations issued by CERT-FR to check for any potential impacts on their environments.
For more information on this attack, here are some articles providing more detailed context:
- https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains
- https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack
If you have any further questions, you can open a Question ticket with our Customer Care team so that we can get back to you.
