Shai-Hulud Worm Strikes npm: 800 Packages Compromised
Cyber Security News by CyberSum.net
The Shai-Hulud worm has struck again, compromising over 800 npm packages with 132 million monthly downloads. The attack came just before npm's deadline to revoke classic tokens, a strategically timed move. The worm scans for exposed secrets and attempts to propagate itself, showing a higher level of sophistication. Its targets include major packages from organizations such as AsyncAPI, PostHog, and Zapier, and thousands of organizations could be affected. The attack highlights the need for better secret management and for active threat monitoring during package installation.