Sha1-Hulud: The Second Coming - Zapier, ENS Domains, and Other Prominent NPM Packages Compromised

The Shai-Hulud campaign has returned with a second wave of attacks targeting prominent NPM packages. This supply chain attack has compromised packages associated with major organizations including Zapier and ENS Domains. The attack represents a significant escalation in NPM ecosystem targeting, affecting widely-used packages that could impact numerous downstream applications. This is a continuation of the previously identified Shai-Hulud campaign, indicating persistent threat actor activity in the JavaScript package ecosystem. The compromise of high-profile packages suggests potential for widespread impact across the development community.