bleepingcomputer.com › news › security New Shai-Hulud malware wave compromises 600 npm packages … It primarily targets developer workstations and CI/CD environments, including GitHub Actions, GitLab CI, Jenkins, Azure DevOps, CircleCI, Vercel, Netlify, and other build platforms. … May 19, 2026 · Bill Toulas