Mini Shai-Hulud Compromises @antv npm Packages to Steal CI/CD Credentials

A new and sophisticated supply chain attack has been uncovered, targeting one of the most trusted corners of the open-source software world. Dubbed “Mini Shai-Hulud,” this campaign went after the @antv npm package ecosystem, a collection of widely used data visualization libraries powering dashboard

Source: Cybersecurity News