WARPTECHNEWS · LAB
HomeAIBusinessTechArchive
WARPTECH LAB NEWS

Warptech Lab News aggrega le notizie più rilevanti da oltre 700 fonti internazionali, con classificazione AI, TL;DR sintetici e timeline cluster su singole storie.

Navigazione

  • Home
  • Archivio
  • Editor's Brief
  • Cerca
  • Il tuo account
  • Newsletter tech/AI

Informazioni legali

  • Privacy Policy
  • Termini di servizio
  • Cookie Policy

© 2026 Sparktech S.R.L. — Tutti i diritti riservati. Sito gestito e manutenuto da Sparktech S.R.L.

Sede legale: Corso Libertà 55, 13100 Vercelli (VC), Italia · P.IVA / C.F. 02835910023 · Contatti: admin@warptechlab.com

Home
Storia in 5 fonti

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm packages.

Raccontata datheregister.comthehackernews.combleepingcomputer.comcsoonline.comventurebeat.com

Confronto fonti

5 prospettive sulla stessa storia
AI · summaries
thehackernews.comStai leggendo1 mesi fa

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm packages.

originale
bleepingcomputer.com1 mesi fa

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers.

Leggi questa versione → originale
venturebeat.com1 mesi fa

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it exploited and the…

Leggi questa versione → originale
csoonline.com1 mesi fa

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Hundreds of software packages are affected, once again threatening enterprise credentials on coders’ machines.

Leggi questa versione → originale
theregister.com1 mesi fa

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines

Leggi questa versione → originale

Timeline cronologica

  1. lunedì 11 maggio 2026·theregister.com

    Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

    Cybercrooks ruin engineers' weekends with Saturday attack

  2. martedì 12 maggio 2026·thehackernews.com

    Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

    TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm packages.

  3. martedì 12 maggio 2026·theregister.com

    Cache-poisoning caper turns TanStack npm packages toxic

    Six-minute supply chain blitz pushed 84 malicious versions with credential theft and disk-wiping code

  4. martedì 12 maggio 2026·bleepingcomputer.com

    Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

    Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers.

  5. martedì 12 maggio 2026·csoonline.com

    Mistral AI SDK, TanStack Router hit in npm software supply chain attack

    Hundreds of software packages are affected, once again threatening enterprise credentials on coders’ machines.

  6. martedì 12 maggio 2026·venturebeat.com

    Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

    TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps…

  7. mercoledì 13 maggio 2026·theregister.com

    Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

    Where it’s been well and truly forked, seemingly without Microsoft’s code locker noticing

  8. giovedì 14 maggio 2026·bleepingcomputer.com

    OpenAI confirms security breach in TanStack supply chain attack

    OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate…

  9. venerdì 15 maggio 2026·theregister.com

    OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

    Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines

  10. venerdì 15 maggio 2026·thehackernews.com

    TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

    Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June 12, 2026.