Shai-Hulud: Another Wave and Going Open Source

Shai-Hulud - the self-propagating npm/PyPI supply-chain worm - is now open source on GitHub, and copycats are already forking it. If your detection strategy depends on recognizing this specific malware, you've lost the next round. The right question is how to detect stolen credentials being used abnormally - invariant across every variant past and future.