An Active and sophisticated supply chain attack targeting the widely used @antv npm ecosystem, where a threat actor compromised a maintainer account and pushed malicious package updates designed to steal sensitive CI/CD credentials. The campaign, dubbed “Mini Shai-Hulud,” demonstrates how deeply embedded open-source libraries can be weaponized to infiltrate modern development pipelines at scale. The […] The post Mini Shai-Hulud Hits @antv npm Packages, Targets CI/CD Secrets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/antv-npm-packages/
