Storia in 4 fonti

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Hundreds of software packages are affected, once again threatening enterprise credentials on coders’ machines.

Raccontata da

lunedì 11 maggio 2026·theregister.com
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
Cybercrooks ruin engineers' weekends with Saturday attack
martedì 12 maggio 2026·theregister.com
Cache-poisoning caper turns TanStack npm packages toxic
Six-minute supply chain blitz pushed 84 malicious versions with credential theft and disk-wiping code

martedì 12 maggio 2026·

bleepingcomputer.com

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers.

martedì 12 maggio 2026·

csoonline.com

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Hundreds of software packages are affected, once again threatening enterprise credentials on coders’ machines.

martedì 12 maggio 2026·

venturebeat.com

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps…

giovedì 14 maggio 2026·

bleepingcomputer.com

OpenAI confirms security breach in TanStack supply chain attack

OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate…

venerdì 15 maggio 2026·

theregister.com

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

Cache-poisoning caper turns TanStack npm packages toxic

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

OpenAI confirms security breach in TanStack supply chain attack

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised