A recent supply chain attack, identified on September 15, targeted @ctrl/tinycolor and 150 other NPM packages, using a method similar to previous campaigns such as s1ngularity and GhostActions. The attackers extracted local environment secrets and injected malicious GitHub Actions workflows into any projects they could reach; the compromised packages are detailed by socket.dev and StepSecurity. GitGuardian's research team investigated the attack to assess its impact on leaked secrets, and offers the HasMySecretLeaked service for developers to check whether their credentials were compromised. The attack, known as Shai-Hulud, collected secrets from victims' local machines, encoded them, and uploaded them to GitHub, while the injected workflows spread the compromise further. Although a quick response limited the attack and led to the revocation of many leaked secrets, some credentials remain valid and pose an ongoing risk. The campaign's worm-like propagation suggests it may persist, underscoring the evolving threat and the need for vigilance in the open-source ecosystem. GitGuardian continues to monitor these threats in real time, providing tools to detect and mitigate such security challenges.
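As an added example that is not part of the original post or of GitGuardian's tooling, the following script performs the two triage checks the attack described above calls for on a checked-out repository: whether the lockfile pins one of the compromised packages, and whether the repository's GitHub Actions workflows include a file the team never committed or one that serialises the whole secrets context. Only @ctrl/tinycolor is named in the text, so the compromised-package set, the version string and the sample workflows are placeholders or constructed data.

```python
import json
import re

# Placeholder set: populate from the socket.dev / StepSecurity advisories.
COMPROMISED = {"@ctrl/tinycolor"}

# Bulk serialisation of the secrets context is a strong signal of exfiltration.
SECRET_DUMP = re.compile(r"toJSON\(\s*secrets\s*\)", re.IGNORECASE)


def compromised_deps(lock_text: str) -> list[str]:
    """Return 'name@version' for every lockfile entry whose package is compromised.
    Handles npm lockfileVersion 2/3, where 'packages' is keyed by node_modules path."""
    lock = json.loads(lock_text)
    hits = []
    for path, meta in lock.get("packages", {}).items():
        # Nested installs look like node_modules/a/node_modules/b: keep the last segment.
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if name in COMPROMISED:
            hits.append(f"{name}@{meta.get('version', '?')}")
    return hits


def suspicious_workflows(workflows: dict[str, str], allowlist: set[str]) -> list[str]:
    """Flag workflow files (name -> YAML text) that are not on the team's allowlist
    of known-good workflow names, or that dump the secrets context."""
    return [
        fname for fname, body in workflows.items()
        if fname not in allowlist or SECRET_DUMP.search(body)
    ]


# Constructed sample data standing in for a real checkout.
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "my-app", "version": "1.0.0"},
    "node_modules/@ctrl/tinycolor": {"version": "0.0.0-placeholder"},
    "node_modules/left-pad": {"version": "1.3.0"},
}})
SAMPLE_WORKFLOWS = {
    "ci.yml": "on: push\njobs:\n  test:\n    runs-on: ubuntu-latest\n"
              "    steps:\n      - run: npm test\n",
    "injected.yml": "on: push\njobs:\n  x:\n    runs-on: ubuntu-latest\n"
                    "    steps:\n      - run: echo '${{ toJSON(secrets) }}'\n",
}

if __name__ == "__main__":
    print("compromised dependencies:", compromised_deps(SAMPLE_LOCK))
    print("suspicious workflows:", suspicious_workflows(SAMPLE_WORKFLOWS, {"ci.yml"}))
```

On a real repository, read package-lock.json and each file under .github/workflows/ and pass them to these functions; any hit is grounds to rotate the secrets that repository's workflows can reach.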