Microsoft researchers have uncovered an active supply chain attack targeting the popular @antv Node Package Manager (npm) ecosystem. Threat actors compromised a maintainer account to distribute the “Mini Shai-Hulud” malware via widely used data visualization libraries. This breach caused massive downstream impacts, infecting libraries like echarts-for-react, which averages over one million weekly downloads. The malicious […]
The post Mini Shai-Hulud Malware Targets @antv Packages To Harvest CI/CD Secrets appeared first on Cyber Security News.