Shai-Hulud 2.0 Supply Chain Attack (Campaign)

ID: 58aa31f9-07e4-5f48-ad06-c7a008e64e9c

STIX ID: report--58aa31f9-07e4-5f48-ad06-c7a008e64e9c

Feed Name: Wiz Cloud Threat Landscape

Threat Score: 90/100

Date Published: 2025-11-24

Date Updated: 2026-05-01

Author: [email protected] (Wiz Threat Research)

Shai-Hulud 2.0 is an ongoing supply-chain campaign that trojanized hundreds of npm packages to steal credentials from developer machines and CI/CD pipelines. The attackers exfiltrate secrets into attacker-controlled GitHub repositories and deploy persistent backdoors by registering compromised machines as self-hosted runners. They have harvested thousands of sensitive items (including cloud credentials and GitHub tokens), impacting over 25,000 repositories and generating roughly 1,000 new exfiltration repositories every 30 minutes.
