Multiple security vendors are sounding the alarm about a
second wave of attacks targeting the npm registry in a manner
that's reminiscent of the Shai-Hulud attack. The new supply chain
campaign, dubbed Sha1-Hulud, has compromised hundreds of npm
packages, according to reports from Aikido, HelixGuard, Koi
Security, Socket, and Wiz. "The campaign introduces a new variant
that executes malicious
Read more https://thehackernews.com/2025/11/second-sha1-hulud-wave-affects-25000.html
