A fast-moving, self‑replicating supply‑chain worm dubbed Shai‑Hulud has poisoned hundreds of npm packages and is actively targeting developer credentials and cloud service keys tied to Google Cloud, Amazon Web Services, and Microsoft Azure — a campaign so severe that national and vendor security...