
2 posts tagged with "GitLab"


Shai-Hulud 2.0: When npm install Becomes a CI/CD Attack

· 4 min read

Between November 21 and 23, 2025, attackers used compromised maintainer accounts to publish trojanized versions of popular npm packages. Rather than a quiet background implant, this variant is built to run at install time, harvest credentials, and establish persistence inside build environments.

What is Shai-Hulud 2.0?

Scale at a glance: ~700 npm packages linked to the campaign, 25k+ malicious GitHub repositories auto-created, and large-scale secret leaks (GitHub tokens and AWS/GCP/Azure credentials).
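Because the vector is code that runs during `npm install`, the practical question for a CI job is which locked dependencies declare install-time lifecycle hooks and whether any pinned version is on a known-bad list. The lockfile does not record scripts, so the check below inspects each installed package's `package.json` under `node_modules`. This is an added example, not code from the post or from any vendor; the `DENYLIST` entries, package names and the sample tree it builds are constructed for illustration and are not real indicators.

```python
"""Report npm dependencies that execute code at install time, plus denylisted versions.

Added example. Run this after `npm ci --ignore-scripts` has populated node_modules
without executing any hooks, then decide which packages to `npm rebuild`.
"""
import json
import tempfile
from pathlib import Path

# Lifecycle hooks npm runs during install (prepare runs for git deps / root).
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed denylist: name -> versions to block. A real IOC feed would replace this.
DENYLIST = {
    "example-trojaned-pkg": {"1.4.2"},
}


def _is_package_root(pkg_dir: Path) -> bool:
    """True for node_modules/<name> or node_modules/@scope/<name>, not for nested fixtures."""
    parent = pkg_dir.parent
    if parent.name == "node_modules":
        return True
    return parent.name.startswith("@") and parent.parent.name == "node_modules"


def scan_node_modules(root) -> list:
    """Return one finding per installed package that has install hooks or a denylisted version.

    Handles scoped packages and nested node_modules trees.
    """
    findings = []
    for pkg_json in Path(root).rglob("package.json"):
        if not _is_package_root(pkg_json.parent):
            continue
        try:
            meta = json.loads(pkg_json.read_text())
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash the gate
        name, version = meta.get("name"), meta.get("version")
        if not name or not version:
            continue
        scripts = meta.get("scripts") or {}
        hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
        denied = version in DENYLIST.get(name, set())
        if hooks or denied:
            findings.append(
                {"name": name, "version": version, "hooks": hooks, "denylisted": denied}
            )
    return sorted(findings, key=lambda f: f["name"])


def ci_gate(root):
    """Return (ok, findings). ok is False only when a denylisted version is present.

    Install hooks alone are surfaced for review rather than blocked, because many
    legitimate native packages rely on them.
    """
    findings = scan_node_modules(root)
    ok = not any(f["denylisted"] for f in findings)
    return ok, findings


def build_sample_tree(base) -> Path:
    """Write a constructed node_modules tree: one benign package, one with a
    preinstall hook, one at a denylisted version. Sample data only."""
    pkgs = {
        "left-pad-ish": {"name": "left-pad-ish", "version": "1.0.0"},
        "@acme/telemetry": {
            "name": "@acme/telemetry",
            "version": "2.1.0",
            "scripts": {"preinstall": "node install-hook.js"},
        },
        "example-trojaned-pkg": {"name": "example-trojaned-pkg", "version": "1.4.2"},
    }
    for rel, meta in pkgs.items():
        d = Path(base) / "node_modules" / rel
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps(meta))
    return Path(base) / "node_modules"


def run_demo():
    """Build the constructed tree in a temp dir and run the gate over it."""
    with tempfile.TemporaryDirectory() as tmp:
        return ci_gate(build_sample_tree(tmp))


if __name__ == "__main__":
    ok, findings = run_demo()
    for f in findings:
        flag = "DENYLISTED" if f["denylisted"] else "install hook"
        print(f"{f['name']}@{f['version']}: {flag} {f['hooks'] or ''}")
    raise SystemExit(0 if ok else 1)
```

In a GitLab job the order matters: `npm ci --ignore-scripts` first, so nothing executes; then this scan; then `npm rebuild` only for packages whose hooks have been reviewed. Treat the exit status as a pipeline gate, and feed `DENYLIST` from a maintained source rather than hardcoding it as done here.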

Could a Supply Chain Attack Like tj-actions/changed-files Hit GitLab CI/CD Pipelines?

· 4 min read

What Happened?

A critical supply chain attack has hit the GitHub Actions ecosystem, specifically targeting the widely used tj-actions/changed-files action.

This action, commonly used in CI/CD pipelines to detect modified files in pull requests, was compromised, allowing attackers to steal secrets and potentially gain control over repositories.

CVE-2025-30066 has been assigned to this incident.