Leaked Shai-Hulud malware fuels new npm infostealer campaign

SITREP: The Shai-Hulud malware, which was leaked recently, has been repurposed in a new campaign targeting the Node Package Manager (npm) index. Infected packages have started to appear, indicating a significant escalation in cyber threats associated with this malware. TACTICAL ASSESSMENT: This development highlights the increasing vulnerability of software supply chains, particularly in open-source environments. The use of leaked malware in new attacks suggests a trend towards more sophisticated and targeted cyber operations. PROJECTED VECTORS: Further exploitation of npm and other software repositories is likely, potentially leading to widespread data breaches and compromised systems.