Shai-Hulud Malware Infects NPM Packages, Steals Cloud Tokens and Secrets

Cybersecurity researchers have uncovered a software supply chain attack targeting the npm registry, affecting over 40 packages maintained by multiple developers. The malicious campaign, dubbed Shai-Hulud, injects a trojanized script into npm packages...