CERT-In has issued a high-severity warning over a major npm ecosystem compromise named ‘Shai-Hulud,’ targeting credentials linked to Google Cloud, AWS, Microsoft Azure, and developer accounts.

Hackers used log poisoning and web shells to convert Nezha into a remote access tool targeting networks across East Asia.