Bleeping Computer

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Birgitta Böckeler, Distinguished Engineer at ...
Bleeping Computer

Grafana breach caused by missed token rotation after TanStack attack

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. In the ongoing Shai-Hulud ...
GIGAZINE

The popular JavaScript library suite 'TanStack,' which is downloaded millions of times every week, has been hit by a supply chain attack; development environments with the ...

A supply chain attack was carried out against TanStack, a set of libraries widely used in JavaScript and React development, by releasing malware-infused versions of its npm packages. According to ...
heise online

Supply chain attack on TanStack: 42 packages compromised

Numerous TanStack packages on npm have suffered a supply chain attack, apparently as part of the “Mini Shai-Hulud” attack wave. The TanStack team announced that a supply chain attack on TanStack ...
TechRadar

OpenAI confirms security breach in TanStack supply chain attack, but says no user data was affected

OpenAI confirmed two employee devices were impacted in the TanStack “Mini Shai‑Hulud” supply chain attack Malware exfiltrated limited credential material from internal code repositories; no customer ...
WRIC ABC 8News on MSN

Valley Link releases updated routes for controversial transmission line project

Valley Link has released three updated route options for its controversial transmission line project as preservation and ...
VentureBeat

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...
Hackaday

Revisiting Making Your Own Internet Router In 2026

After my recent misadventures setting up an OpenWrt installation on a scruffy e-waste-level x86 PC, quite a few people chimed ...
Forbes

Choosing The Path Less Taken

Most people don't choose the conventional path because it's right. They choose it because it's defensible. Somewhere to point if things go wrong. In many cases, this is not a failure of ambition. It ...
Hosted on MSN

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials

Microsoft Threat Intelligence said in an X post on Monday that it is investigating a compromise of the mistralai PyPI package after attackers reportedly injected malicious code that automatically ...