A sprawling supply-chain attack dubbed "Mini Shai-Hulud" has compromised hundreds of open-source packages, including TanStack and MistralAI. By hijacking automated CI/CD pipelines and spoofing digital signatures, the TeamPCP-linked malware successfully bypassed 2FA to steal cloud credentials and extort developers across major registries.