Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets
From BleepingComputer to All on Tue Dec 2 14:21:03 2025
The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories. [...]