Shai Hulud Supply Chain Attack Rocks npm Ecosystem, Exploiting GitHub Actions for Widespread Compromise
A sophisticated supply chain attack, dubbed Shai Hulud, has compromised over 500 npm packages, leveraging GitHub Actions vulnerabilities to exfiltrate secrets and propagate malicious code. This incident marks a critical shift from theoretical threats to confirmed real-world impact across major tech vendors.