Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

thehackernews.com

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm packages.