The NHS Was Lucky. The Next Victim Might Not Be.

The NCSC reports a near-miss software supply-chain attack called Mini Shai-hulud that inserted malicious code into packages used across NHS projects and propagated through CI/CD systems and package registries; while the incident was contained with limited damage, the report warns the structural nature of modern dependency ecosystems (transitive dependencies, automated installs, weak registry account protections) makes similar campaigns high‑risk and details four common attacker techniques alongside immediate guidance for visibility, detection, and remediation.