Extreme TLDR:
New Shai-Hulud 2.0 attack targets npm packages, affecting 25K+ repos and stealing secrets, with ~700 compromised packages identified. Immediate investigation and remediation recommended for npm environments. Attackers exploit lifecycle scripts for credential theft, leading to widespread credential exfiltration and propagation. Security teams advised to replace compromised packages, rotate credentials, and audit CI/CD environments.
https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack

