In Brief
Posted:
8:32 AM PDT · May 19, 2026
Image Credits:fotograzia / Getty Images
Hackers have compromised several popular open source projects relied on by software developers all over the world in an ongoing cyberattack.
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.
In Brief
Posted:
8:32 AM PDT · May 19, 2026
Image Credits:fotograzia / Getty Images
Hackers have compromised several popular open source projects relied on by software developers all over the world in an ongoing cyberattack.

: Mini Shai-Hulud caught spreading credential-stealing malware

Hackers published 96 malicious versions across 32 Red Hat NPM packages in a supply chain attack similar to Mini Shai-Hulud.

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has…

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack variants.

Cybercrooks ruin engineers' weekends with Saturday attack

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines - Decrypt