THREATOPS
THREAT OPSThreat News › Mini Shai-Hulud: Where SLSA’s Boundaries Fall

Mini Shai-Hulud: Where SLSA’s Boundaries Fall

lowopenssf_blogPublished 2026-06-10

<p>&nbsp;</p> <div class="site-content"> <div class="content markdown main-content"> <p class="h3 post-author">By Andrew McNamara (Red Hat)</p> <p><em>This blog was originally published on the SLSA.dev website. The original post can be found <a href="https://slsa.dev/blog/2026/05/mini-shai-hulud-what-slsa-can-and-cannot-do">here</a></em></p> <p>On May 11, 2026, attackers compromised 84 npm package

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://openssf.org/blog/2026/06/10/mini-shai-hulud-where-slsas-boundaries-fall/