Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
From BleepingComputer to All on Mon Nov 24 10:10:38 2025
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. [...]