Storia in 4 fonti

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers.

Raccontata da

lunedì 11 maggio 2026·theregister.com
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
Cybercrooks ruin engineers' weekends with Saturday attack
martedì 12 maggio 2026·theregister.com
Cache-poisoning caper turns TanStack npm packages toxic
Six-minute supply chain blitz pushed 84 malicious versions with credential theft and disk-wiping code

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

Cache-poisoning caper turns TanStack npm packages toxic

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised