Storia in 4 fonti

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Where it’s been well and truly forked, seemingly without Microsoft’s code locker noticing

Raccontata da

Confronto fonti

4 prospettive sulla stessa storia

AI · summaries

theregister.comStai leggendo1 mesi fa

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Where it’s been well and truly forked, seemingly without Microsoft’s code locker noticing

originale

Timeline cronologica

lunedì 11 maggio 2026·theregister.com
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
Cybercrooks ruin engineers' weekends with Saturday attack
lunedì 11 maggio 2026·theregister.com
Cookie thieves caught stealing dev secrets via fake Claude Code installers
New IElevator2 COM interface? No problem

thehackernews.com

1 mesi fa

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm packages.

Leggi questa versione → originale

venturebeat.com1 mesi fa

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it exploited and the…

Leggi questa versione → originale

bleepingcomputer.com1 mesi fa

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers.

Leggi questa versione → originale

martedì 12 maggio 2026·

thehackernews.com

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm packages.

martedì 12 maggio 2026·

theregister.com

Cache-poisoning caper turns TanStack npm packages toxic

Six-minute supply chain blitz pushed 84 malicious versions with credential theft and disk-wiping code

martedì 12 maggio 2026·

bleepingcomputer.com

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers.

martedì 12 maggio 2026·

venturebeat.com

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps…

mercoledì 13 maggio 2026·

theregister.com

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Where it’s been well and truly forked, seemingly without Microsoft’s code locker noticing

venerdì 15 maggio 2026·

theregister.com

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Timeline cronologica

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

Cookie thieves caught stealing dev secrets via fake Claude Code installers

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

Cache-poisoning caper turns TanStack npm packages toxic

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised