Cache-Poisoning Caper Turns TanStack Npm Packages Toxic
Researchers say 400-plus package artifacts were compromised across npm, PyPI and Composer as attackers used valid provenance to hide credential-stealing malware.
- On yesterday, attackers published 84 malicious versions across 42 TanStack packages on the Node Package Manager, each carrying valid provenance and signatures.
- This incident is part of the ongoing Shai-Hulud campaign, which has compromised hundreds of packages across Node Package Manager, PyPI, and Composer since last September.
- By hijacking valid OpenID Connect tokens, threat actors generated malicious packages with verifiable SLSA Build Level 3 attestations; Snyk researchers say the "attack produces valid SLSA Build Level 3 attestations for malicious packages."
- The payload reads GitHub Actions process memory to collect credentials from more than 100 file paths, including AWS Secrets Manager, Kubernetes service account tokens, and SSH keys.
- Researchers recommend that security teams rotate all credentials including GitHub tokens and Node Package Manager tokens, while auditing IDE directories for malicious files surviving installation.
19 Articles
19 Articles
Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps
TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it exploited and the Monday-morning fix for each one.
Cache-poisoning caper turns TanStack npm packages toxic
An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host. The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral AI, UiPath, and Guardrails AI. Malicious n…
BleepingComputer
cybernoz.comShai Hulud attack ships signed malicious TanStack, Mistral npm packages
A large-scale software supply-chain attack involving the
HackRead
IT Security News - cybersecurity, infosecurity newsTeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm.
Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
Notorious malware crew TeamPCP appears to have open-sourced its Shai-Hulud worm. Security outfit Ox on Tuesday spotted a pair of repos on GitHub, both of which contain the following text: Shai-Hulud: Open Sourcing The Carnage Is it vibe coded? Yes. Does it work? Let results speak. Change keys and C2 as needed. Love - TeamPCP The Register checked out the repos a few hours before publishing this story and at the time one listed a single fork, and …
Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware
Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across the AI and crypto developer ecosystem. Microsoft Threat Intelligence said on May 11, it was investigating the mistralai PyPI package version 2.4.6 after discovering malicious code injected in mistralai/client/__init__.py that executed on import, dow…
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
