Mistral AI SDK, TanStack Router hit in npm software supply chain attack
Hundreds of software packages are affected, once again threatening enterprise credentials on coders’ machines.
Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages
safedep.ioOver 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.
GitHub Actions Cache Poisoning is eating open source
Angular. tj-actions. Cline. TanStack. The same class of attack has been quietly hijacking publish pipelines for two years. Here's what it is, how it works, and what you need to do today.
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers.
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign.
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm packages.
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm packages.