Nullcon Goa

Building Detection Systems That Work on Zero Days


Course

Sudhanshu Dasgupta and Sahil Bansal of SafeDep dissect the Shai-Hulud npm worm and walk through the static and dynamic detection architecture that caught it, including open-source tools you can deploy today.

The Shai-Hulud supply chain worm compromised over 500 npm packages, exfiltrated credentials, hijacked GitHub Actions workflows and force-published private repositories, all within seconds of infection. Traditional scanners failed entirely: no CVE, no signature and no SBOM flag. Detecting it required behavioral analysis at the system-call level.

This session, led by Sudhanshu Dasgupta and Sahil Bansal of SafeDep, will cover:

  • How Shai-Hulud executed its three-phase attack - credential theft, repository hijacking and self-replication - and why it evolved into a more destructive v2.0;
  • Why static analysis alone cannot catch zero-day supply chain attacks, and how dynamic runtime monitoring in sandboxed containers addresses the gap;
  • How Falco and eBPF-based behavioral detection rules flag malicious package behavior at install time, enabling classification before damage occurs.

Here is the course outline:

Anatomy of a Supply Chain Worm: Building Detection Systems That Work on Zero Days

Completion

The following certificates are awarded when the course is completed:

CPE Credit Certificate