Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
ID: 021d48ea-1899-57de-a3b0-9eb4e25123ff
STIX ID: report--021d48ea-1899-57de-a3b0-9eb4e25123ff
Feed Name: Microsoft Security
Date Published: 2026-05-20
Date Updated: 2026-05-20
Author: Microsoft Defender Security Research Team
*Executive summary:* Microsoft details an active npm supply-chain compromise of the @antv account, tracked as Mini Shai Hulud. Attacker-published malicious versions of @antv packages executed an obfuscated payload at install time that harvested credentials for GitHub Actions, AWS, HashiCorp Vault, npm, Kubernetes, and 1Password, scraped secrets from CI runner memory, escalated privileges, and exfiltrated the stolen data over encrypted C2 and the Git Data API. GitHub removed the malicious package versions and invalidated tens of thousands of tokens; Microsoft provides detection and mitigation guidance.
