security: Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack
Microsoft Security Blog
2025-12-09
Shai‑Hulud 2.0 is a large-scale supply chain attack in which adversaries maliciously modified hundreds of public packages to compromise developer environments, CI/CD pipelines, and cloud workloads in order to harvest credentials and configuration secrets. Microsoft published guidance to detect, investigate, and defend against these compromises across development toolchains, build systems, and cloud assets.