New Shai-Hulud malware wave compromises 600 npm packages

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...