[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcbyILCr9TFDEYYfu40dhZrxLIo_5y9Bie8ZqoFHWxlI":3},{"article":4,"iocs":55},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":34,"category":35,"article_tags":39},"51329577-fd31-4851-9827-34f6f1c2a937","Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping","suno-breached-via-shai-hulud-worm-leaked-code-exposes-ai-music-scraping-ca929f","Leaked source code shows how AI music generator Suno scraped YouTube, Deezer, and Genius to train its models. The breach that exposed it started with a Shai-Hulud infection, according to a scoop from 404 Media. A threat actor using the handle ellie.191 told 404 Media they breached Suno by compromising a single employee with the Shai-Hulud worm, then used the harvested GitHub and cloud credentials to reach the company's source code, customer list, and Stripe payment data. The downstream impact of Shai-Hulud is still coming to light months after the worm's first waves. The campaign exposed secrets from tens of thousands of GitHub repositories, and the Suno breach is the latest to surface. The leaked code documents Suno's scraping # The leaked source code and dataset comments describe scraping from YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and the International Music Score Library Project, plus roughly a million hours of podcasts identified through PodcastIndex. The code confirms the RIAA's claim that Suno stream-ripped tracks from YouTube and shows Suno routing that scraping through proxies from Bright Data. 404 Media published the dataset figures and file-level detail. # Shai-Hulud harvests GitHub and cloud service credentials from developer machines and CI environments, so compromising one employee was enough to reach Suno's internal systems. It exfiltrates what it steals to a public GitHub repository under the victim's own account, which leaves the credentials publicly accessible. What 404 Media does not establish is ellie.191's role. They may have been part of the campaign that planted the trojanized packages, or they may have found the Suno employee's exfiltrated credentials in that public repository and used them to gain unauthorized access to the company's code and systems. The second fits how the hacker described themselves, with no specific reason for targeting Suno and a stated habit of hacking \"anything and everything.\" Either way, the worm turned a single infected developer machine into a public dump of Suno's corporate credentials. ellie.191 gave 404 Media a sample of customer records, and some of those customers confirmed the data was theirs and said Suno never notified them of a breach. Suno confirmed a security incident in a statement to 404 Media, dating it to November 2025 and describing it as limited and quickly contained. The company said the incident primarily involved outdated source code and that it does not store full credit card numbers in Stripe. The reported November timing lines up with Shai-Hulud's second wave, which spread across npm in late November and added a destructive fallback that wipes home directories when it can't exfiltrate. Shai-Hulud spreads by republishing malicious versions of any packages the stolen npm and GitHub accounts can reach. The first wave compromised dozens of packages in September 2025 and reached CrowdStrike's packages within weeks. SANDWORM_MODE added AI toolchain poisoning in February 2026. Another variant, Mini Shai-Hulud, hit npm, PyPI, and Packagist in April and May 2026.","AI music generator Suno was breached in November 2025 after a developer was infected with the Shai-Hulud worm, which harvested GitHub and cloud credentials. The leaked source code reveals Suno scraped music from YouTube, Deezer, Genius, and other platforms to train its models, confirming RIAA allegations. The breach exposed customer records and Stripe payment data; Shai-Hulud has since evolved into multiple variants affecting thousands of open-source repositories.","Suno AI music generator breached via Shai-Hulud worm; leaked code exposes YouTube\u002FDeezer scraping.","Security NewsNext.js moves to scheduled security releasesVercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.By Sarah Gooding - Jul 16, 2026","https:\u002F\u002Fsocket.dev\u002Fblog\u002Fsuno-breach-shai-hulud-worm?utm_medium=feed","https:\u002F\u002Fcdn.sanity.io\u002Fimages\u002Fcgdhsj6q\u002Fproduction\u002Fc14aefc9c03ae82b9367e7aa7c9bc5c09f1bf1a8-1672x941.png?w=1000&q=95&fit=max&auto=format","2026-07-16T15:34:49.523+00:00","2026-07-16T18:00:26.063813+00:00",9,[18,21,24,26,29,31],{"name":19,"type":20},"Suno","product",{"name":22,"type":23},"Vercel","vendor",{"name":25,"type":23},"CrowdStrike",{"name":27,"type":28},"npm","technology",{"name":30,"type":28},"GitHub",{"name":32,"type":33},"ellie.191","threat_actor","2e06f76c-d5b9-4f54-9eef-4d3447b10730",{"id":34,"icon":36,"name":37,"slug":38},null,"Breaches","breaches",[40,45,50],{"category":41},{"id":42,"icon":36,"name":43,"slug":44},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":46},{"id":47,"icon":36,"name":48,"slug":49},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":51},{"id":52,"icon":36,"name":53,"slug":54},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[56,59,62],{"type":49,"value":57,"context":58},"Shai-Hulud","Worm targeting developer machines and CI environments; harvests GitHub and cloud credentials; spreads via trojanized npm packages",{"type":49,"value":60,"context":61},"SANDWORM_MODE","Variant of Shai-Hulud with AI toolchain poisoning capabilities, deployed February 2026",{"type":49,"value":63,"context":64},"Mini Shai-Hulud","Variant hitting npm, PyPI, and Packagist in April and May 2026"]