Hosted on MSN

The TanStack supply chain attack poisoned 160 npm and PyPI packages — reaching OpenAI, Mistral AI, and UiPath through compromised build pipelines

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source packages, corrupting 84 npm artifacts before anyone noticed. Within hours, the ...
Decrypt

Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.
Mint

OpenAI says no user data stolen after supply-chain hackers accessed employee devices

OpenAI has said it found no evidence that user data was accessed following a security issue linked to a supply-chain attack involving the open-source TanStack npm library. The company said in a ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 packages across multiple high-profile NPM and PyPI projects were compromised in a new, coordinated Mini Shai-Hulud software supply chain attack. The campaign hit 42 TanStack packages, 65 ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as ...
techjuice.pk

Mini Shai-Hulud Worm Compromises Over 169 npm Packages

TeamPCP threat group launched a coordinated supply chain attack compromising 169 npm packages on May 11, 2026. The Mini Shai-Hulud worm targeted TanStack, UiPath, Mistral AI, OpenSearch, and ...