TLDR: Shai-Hulud 2.0 malware attack exposed ~400,000 developer secrets from NPM packages, affecting ~30,000 GitHub repositories. Over 60% of leaked tokens still valid, with significant infections on Linux and CI/CD platforms.
Shai-Hulud 2.0 NPM Malware Attack Exposed up to 400,000 Dev Secrets

