Tag: software supply chain attack

Security

Not merely credential theft — Shai‑Hulud chained GitHub Actions to publish trusted npm and PyPI packages

The May 2026 wave of the Shai‑Hulud campaign didn’t just steal credentials: attackers chained multiple GitHub Actions weaknesses to publish more than 170 malicious npm and PyPI packages that carried valid SLSA provenance, turning build attestations into cover for a wide-ranging, self‑propagating compromise. How the CI chain was abused end to end The intrusion began […]

admin