On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined a local environment secrets extraction with a malicious GitHub actions workflow
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/09/shai-hulud-a-persistent-secret-leaking-campaign/
