Cache-Poisoning Caper Turns TanStack Npm Packages Toxic
Researchers say 400-plus package artifacts were compromised across npm, PyPI and Composer as attackers used valid provenance to hide credential-stealing malware.
- On yesterday, attackers published 84 malicious versions across 42 TanStack packages on the Node Package Manager, each carrying valid provenance and signatures.
- This incident is part of the ongoing Shai-Hulud campaign, which has compromised hundreds of packages across Node Package Manager, PyPI, and Composer since last September.
- By hijacking valid OpenID Connect tokens, threat actors generated malicious packages with verifiable SLSA Build Level 3 attestations; Snyk researchers say the "attack produces valid SLSA Build Level 3 attestations for malicious packages."
- The payload reads GitHub Actions process memory to collect credentials from more than 100 file paths, including AWS Secrets Manager, Kubernetes service account tokens, and SSH keys.
- Researchers recommend that security teams rotate all credentials including GitHub tokens and Node Package Manager tokens, while auditing IDE directories for malicious files surviving installation.
16 Articles
16 Articles
Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps
TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it exploited and the Monday-morning fix for each one.
Cache-poisoning caper turns TanStack npm packages toxic
An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host. The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral AI, UiPath, and Guardrails AI. Malicious n…
Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
Notorious malware crew TeamPCP appears to have open-sourced its Shai-Hulud worm. Security outfit Ox on Tuesday spotted a pair of repos on GitHub, both of which contain the following text: Shai-Hulud: Open Sourcing The Carnage Is it vibe coded? Yes. Does it work? Let results speak. Change keys and C2 as needed. Love - TeamPCP The Register checked out the repos a few hours before publishing this story and at the time one listed a single fork, and …
Mini Shai-Hulud: TeamPCP’s Self-Propagating npm Worm Hits TanStack, OpenSearch, and Mistral AI Across 170 Packages
TeamPCP’s Mini Shai-Hulud worm hit 170 npm packages across TanStack, OpenSearch, and Mistral AI via OIDC token theft. Full IOCs, detection, and remediation. The post Mini Shai-Hulud: TeamPCP’s Self-Propagating npm Worm Hits TanStack, OpenSearch, and Mistral AI Across 170 Packages appeared first on Phoenix Security.
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
