Shai-Hulud 2.0 Supply Chain Attack (Campaign)

A new wave of the Shai-Hulud supply chain attack has compromised hundreds of npm packages, including components from major companies like Zapier, ENS Domains, PostHog, and Postman. The attack has resulted in over 25,000 GitHub repositories being populated with stolen secrets. This represents a significant escalation of the original Shai-Hulud campaign, targeting widely-used JavaScript packages in the npm ecosystem. The attack demonstrates the continued vulnerability of software supply chains and the massive scale of impact possible through package repository compromise.