Snipping the Long Tail of Shai-Hulud 2.0

ID: bbd0c122-4d0b-5c4b-b8f8-01f9ce690207

STIX ID: report--bbd0c122-4d0b-5c4b-b8f8-01f9ce690207

Feed Name: Wiz Blog

Threat Score: 90/100

Date Published: 2025-12-30

Date Updated: 2026-05-01

**Shai-Hulud 2.0 (sha1-hulud)** is a large-scale supply-chain worm that infected tens of thousands of repositories (including over one-third of the Fortune 100). It persisted for weeks through private registries, local caches, and a malicious OpenVSX IDE extension, and exfiltrated vast numbers of secrets (GitHub, npm, cloud, and AI keys). The report links these exfiltrations to downstream impacts such as a $7M Trust Wallet theft and provides indicators, root causes, and mitigation recommendations.