security: Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Microsoft reports that compromised @antv npm packages were used to deploy the Mini Shai-Hulud payload, which runs during npm install and steals CI/CD secrets from Linux-based automation environments. The malware targets credentials from GitHub, AWS, Kubernetes, Vault, npm, and 1Password.

• Source: Microsoft Security Blog