Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack

The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
Cryptopolitan on MSN

Mini Shai-Hulud worm hijacks 323 npm packages under 30 minutes through a single stolen account

On May 19, the Mini Shai-Hulud worm compromised one npm maintainer account and pushed 639 malicious versions across 323 ...