On November 24, 2025, over 1,000 NPM packages were compromised using a fake Bun runtime, leading to the infection of more than 27,000 GitHub repositories. The malicious code steals sensitive information and exfiltrates it via a GitHub Action runner. This incident appears to be linked to a previous attack identified as "Shai-Hulud."