Storia in 4 fonti

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it exploited and the Monday-morning fix for each one.

Raccontata da

lunedì 11 maggio 2026·theregister.com
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
Cybercrooks ruin engineers' weekends with Saturday attack
martedì 12 maggio 2026·theregister.com
Cache-poisoning caper turns TanStack npm packages toxic
Six-minute supply chain blitz pushed 84 malicious versions with credential theft and disk-wiping code

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

Cache-poisoning caper turns TanStack npm packages toxic

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised