Can We Talk About This Now? Shai-Hulud Wave 2 Targeting npm
ID: 0ebaa17a-284b-51c5-b64a-62bf8fe83e44
STIX ID: report--0ebaa17a-284b-51c5-b64a-62bf8fe83e44
Feed Name: Morphisec Blog
This Morphisec blog post describes the evolution of the Shai-Hulud npm supply-chain worm from a credential-stealing Wave 1 to a more destructive, self-replicating Wave 2. Wave 2 reportedly infected 25,000+ repositories, added wiper functionality that can destroy home directories if exfiltration fails, used Docker-based privilege escalation to gain root, and persisted via malicious GitHub workflows and self-hosted runners. The post urges immediate scanning for compromised packages and workflows, credential rotation, least-privilege restrictions, and deployment of pre-execution runtime protections.
