A new and sophisticated supply chain attack has been uncovered, targeting one of the most trusted corners of the open-source software world. Dubbed “Mini Shai-Hulud,” this campaign went after the @antv npm package ecosystem, a collection of widely used data visualization libraries powering dashboards and applications for developers globally. The attack was quiet, precise, and […]
The post Mini Shai-Hulud Compromises @antv npm Packages to Steal CI/CD Credentials appeared first on Cyber Security News.