Tracking repositories created by the Shai-Hulud 2.0 supply-chain campaign.
Read the Wiz analysis
TL;DR:
A Shai-Hulud–style npm supply-chain attack trojanizes popular packages and exfiltrates
developer and CI/CD secrets into public GitHub repositories controlled by compromised users,
leading to tens of thousands of malicious repos and ongoing exposure.
See the full write-up by Wiz here.