Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source packages, corrupting 84 npm artifacts before anyone noticed. Within hours, the ...

Over 170 packages across multiple high-profile NPM and PyPI projects were compromised in a new, coordinated Mini Shai-Hulud software supply chain attack. The campaign hit 42 TanStack packages, 65 ...

TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as ...

On May 11, 2026, a massive supply chain attack shook the JavaScript ecosystem. Over 170 npm and PyPI packages, including TanStack, Mistral AI, and UiPath, were compromised, exposing developers with ...

The TanStack npm supply chain compromise that occurred on May 11, 2026, was not merely an incident where malware was mixed into a famous package. More accurately, it was an incident where the public ...

UiPath is downgraded to Hold due to revenue growth and risks around business model transition and competitive threats. Read ...

OpenAI has said it found no evidence that user data was accessed following a security issue linked to a supply-chain attack involving the open-source TanStack npm library. The company said in a ...