[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFZ7BufoI_MKzjB6m8W4IAIBbXF8n65xoqBjXXTdcRBI":3},{"article":4,"iocs":50},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":29,"category":30,"article_tags":34},"0807f3fc-7f14-43b4-9d7d-b5e0480bf499","Typosquatted npm packages used to steal cloud and CI\u002FCD secrets","typosquatted-npm-packages-used-to-steal-cloud-and-ci-cd-secrets-ba519c","The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI\u002FCD credentials across developer environments. This report details the attack chain, detection opportunities, and mitigation guidance to help organizations identify and disrupt related activity. The post Typosquatted npm packages used to steal cloud and CI\u002FCD secrets appeared first on Microsoft Security Blog.","Microsoft Security researchers discovered the Mini Shai-Hulud campaign, which leveraged typosquatted npm packages to target and exfiltrate cloud and CI\u002FCD credentials from developer environments. The campaign demonstrates a sophisticated supply chain attack vector exploiting the npm ecosystem. The report provides technical analysis, detection methods, and mitigation strategies to help organizations defend against similar credential theft operations.","Typosquatted npm packages steal cloud and CI\u002FCD credentials in Mini Shai-Hulud campaign.","May 28 24 min read The Gentlemen ransomware: Dissecting a self-propagating Go encryptor Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propagation module to deploy itself across an entire network using series of simultaneous lateral movement techniques per target.","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F05\u002F28\u002Ftyposquatted-npm-packages-used-steal-cloud-ci-cd-secrets\u002F","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002Fwp-content\u002Fuploads\u002F2026\u002F04\u002FMS_Actional-Insights_Rapid-response.jpg","2026-05-29T03:04:52+00:00","2026-05-29T06:00:23.995931+00:00",9,[18,21,24,26],{"name":19,"type":20},"Mini Shai-Hulud","campaign",{"name":22,"type":23},"npm","technology",{"name":25,"type":23},"CI\u002FCD",{"name":27,"type":28},"Microsoft","vendor","26b0b636-0e31-4db1-bffb-61bdf9f20a58",{"id":29,"icon":31,"name":32,"slug":33},null,"Supply Chain","supply-chain",[35,40,45],{"category":36},{"id":37,"icon":31,"name":38,"slug":39},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":41},{"id":42,"icon":31,"name":43,"slug":44},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",{"category":46},{"id":47,"icon":31,"name":48,"slug":49},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[]]