


Perceptive Security
SOC/SIEM Consultancy

Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets
Published: 26 November 2025 at 18:08:00
Alert date: 5 December 2025 at 08:03:23
Source: thehackernews.com

The Shai-Hulud supply chain attack has evolved into its second wave, expanding from the npm registry to the Maven ecosystem. The campaign has compromised over 830 packages in the npm registry and has now infected at least one Maven Central package (org.mvnpm:posthog-node:4.18.1). The attack continues to use the same components: the 'setup_bun.js' loader and the main payload 'bun_environment.js'. This cross-platform expansion demonstrates the campaign's sophistication and ability to target multiple package management ecosystems, potentially exposing thousands of secrets from affected environments.
Technical details
Affected products: npm, Maven Central, posthog-node
IOCs: org.mvnpm:posthog-node:4.18.1, setup_bun.js, bun_environment.js
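A filesystem sweep for the IoCs listed above, added here as an example; it is not part of the original alert or the source article. It assumes the Maven artifact is stored under the standard repository layout (group/artifact/version), and the directory tree built in `demo()` is constructed sample data.

```python
import os
import tempfile

# IoCs exactly as listed in the alert above.
IOC_FILES = {"setup_bun.js", "bun_environment.js"}
IOC_MAVEN = "org.mvnpm:posthog-node:4.18.1"


def maven_repo_path(coordinate):
    """Map group:artifact:version to its standard Maven repository layout path."""
    group, artifact, version = coordinate.split(":")
    return os.path.join(*group.split("."), artifact, version)


def scan(root):
    """Return sorted (kind, path) hits for IoC file names and the Maven artifact dir."""
    hits = []
    artifact_dir = maven_repo_path(IOC_MAVEN)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames:
            if name in IOC_FILES:
                hits.append(("file", os.path.join(dirpath, name)))
        for name in dirnames:
            full = os.path.join(dirpath, name)
            if full.endswith(os.sep + artifact_dir):
                hits.append(("maven", full))
    return sorted(hits)


def demo():
    """Build a constructed directory tree (empty files, no real payload) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        pkg = os.path.join(root, "app", "node_modules", "example-pkg")  # constructed name
        clean = os.path.join(root, "app", "node_modules", "clean-pkg")  # constructed name
        m2 = os.path.join(root, "m2", "repository", maven_repo_path(IOC_MAVEN))
        for directory in (pkg, clean, m2):
            os.makedirs(directory)
        for path in (os.path.join(pkg, "setup_bun.js"),
                     os.path.join(pkg, "bun_environment.js"),
                     os.path.join(clean, "index.js")):
            open(path, "w").close()
        return [(kind, os.path.relpath(p, root)) for kind, p in scan(root)]


if __name__ == "__main__":
    for kind, path in demo():
        print(kind, path)
```

A file-name match is a triage lead, not a verdict; point `scan()` at build agents, developer checkouts and local Maven repositories, then review each hit.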
This article was created with the assistance of AI technology by Perceptive.