Post #8628

🛑 Shai-Hulud 2.0 ran code before security scans, quietly breaking CI/CD at the source. As Jonny Rivera from ActiveState explains, it stole cloud credentials and turned GitHub runners into attacker-controlled botnets—long before detection kicked in. Fix: control what enters the pipeline. 🔗 How curated catalogs stop pre-install attacks → https://thehackernews.com/expert-insights/2026/03/the-curated-catalog-biggest-defense.html