Shai-Hulud v2 supply chain attack spreads to Maven, exposing thousands.
The Shai-Hulud v2 supply chain attack, which has already compromised over 830 npm packages, has now reached the Maven ecosystem: the malicious components were found embedded in the org.mvnpm:posthog-node:4.18.1 artifact (the org.mvnpm group republishes npm packages for Maven consumers, so an npm compromise carries straight over to Maven Central). This iteration is stealthier and more destructive than the first. It steals developer credentials, uses them to take over the victims' publishing accounts and push trojanized versions of the packages those accounts maintain, and has affected over 28,000 repositories so far. Misconfigured CI pipelines amplify the damage: a single compromised account is enough for the malware to republish itself into every package that account can release, which is why it spreads so quickly. Experts say the incident shows how fragile the software supply chain remains and urge maintainers to harden developer environments and CI pipelines, and to audit their dependency manifests and lockfiles for the affected versions.
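The immediate check a practitioner wants after reading this is whether any build in their own tree pins the compromised artifact. The script below is an added example written for this page, not code from the article, PostHog, mvnpm or any vendor: it walks a checkout, parses every pom.xml (including ${property} version placeholders) and package-lock.json (lockfile v1, v2 and v3 layouts), and reports matches against a blocklist. The blocklist is seeded only with the Maven coordinate the article names; the npm entry assumes that org.mvnpm artifacts carry the same name and version as the npm module they repackage, and both lists should be extended from the upstream advisory. The sample manifests at the bottom are constructed for the demonstration.

```python
"""Scan a source tree for manifests that pin a compromised dependency."""
import json
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Seeded with the one coordinate named in the article. Extend from an advisory.
BLOCKLIST = {
    "maven": {("org.mvnpm", "posthog-node", "4.18.1")},
    # Assumption: org.mvnpm repackages the npm module of the same name and
    # version, so the npm side is flagged under the identical version.
    "npm": {("posthog-node", "4.18.1")},
}


def _local(tag):
    """Strip the XML namespace ({uri}name -> name)."""
    return tag.rsplit("}", 1)[-1]


def maven_deps(pom_text):
    """Yield (groupId, artifactId, version) for each <dependency> in a pom."""
    root = ET.fromstring(pom_text)
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            for p in el:
                props[_local(p.tag)] = (p.text or "").strip()
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        # Resolve ${prop} placeholders declared in <properties>; unknown ones stay as-is.
        version = re.sub(r"\$\{([^}]+)\}",
                         lambda m: props.get(m.group(1), m.group(0)),
                         fields.get("version", ""))
        yield fields.get("groupId", ""), fields.get("artifactId", ""), version


def npm_deps(lock_text):
    """Yield (name, version) from package-lock.json (v2/v3 'packages', else v1 tree)."""
    lock = json.loads(lock_text)
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if path:  # "" is the root project itself, not a dependency
                # "node_modules/a/node_modules/@s/b" -> "@s/b"
                yield path.rsplit("node_modules/", 1)[-1], meta.get("version", "")
        return

    def walk(deps):
        for name, meta in deps.items():
            yield name, meta.get("version", "")
            yield from walk(meta.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def find_hits(manifests):
    """manifests: iterable of (path, text). Returns [(path, coordinate)] for blocklisted pins."""
    hits = []
    for path, text in manifests:
        name = Path(path).name
        if name == "pom.xml":
            for gav in maven_deps(text):
                if gav in BLOCKLIST["maven"]:
                    hits.append((path, ":".join(gav)))
        elif name == "package-lock.json":
            for nv in npm_deps(text):
                if nv in BLOCKLIST["npm"]:
                    hits.append((path, "@".join(nv)))
    return hits


def scan_tree(root):
    """Walk a checkout and scan every pom.xml and package-lock.json under it."""
    files = [p for p in Path(root).rglob("*") if p.name in ("pom.xml", "package-lock.json")]
    return find_hits((str(p), p.read_text(encoding="utf-8")) for p in files)


# Constructed sample manifests for the demo; not real project files.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><posthog.version>4.18.1</posthog.version></properties>
  <dependencies>
    <dependency><groupId>org.mvnpm</groupId><artifactId>posthog-node</artifactId>
      <version>${posthog.version}</version></dependency>
    <dependency><groupId>org.mvnpm</groupId><artifactId>posthog-node</artifactId>
      <version>4.17.0</version></dependency>
  </dependencies>
</project>"""

SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "app"},
        "node_modules/posthog-node": {"version": "4.18.1"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

if __name__ == "__main__":
    for path, coord in find_hits([("demo/pom.xml", SAMPLE_POM),
                                  ("demo/package-lock.json", SAMPLE_LOCK)]):
        print(f"COMPROMISED {coord} pinned in {path}")
```

Run `scan_tree(".")` from the root of a checkout to scan real files. Matching on exact (group, artifact, version) tuples is deliberate: the affected versions are specific, and a looser name-only match would flood a monorepo with false positives. The script only reads declared pins; a version resolved transitively by Maven or npm will not appear in pom.xml, so pair it with `mvn dependency:tree` or `npm ls` output for full coverage.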
