Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
✦ NabkaNews BriefAuto-summarized from multiple outlets · verify with the source
A malicious actor, referred to as Mini Shai-Hulud, has compromised a maintainer account to push malicious npm packages in the AntV ecosystem. The number of affected packages is reported to be somewhere between 42 and over 600, with some outlets specifying that hundreds or over 300 packages were compromised. The attack has enabled the potential theft of ci/cd credentials and appears to involve fake sigstore badges.
Full coverage
12345678