Vendor

TanStack

3 briefs RSS

Shai-Hulud Malware Used in Supply Chain Attack via Compromised npm Packages

The Shai-Hulud malware was used in a large-scale software supply-chain attack compromising hundreds of packages across open-source software ecosystems by compromising developer secrets and CI/CD pipelines.

router +11 TeamPCP supply-chain supply-chain-attack npm pypi credential-theft shai-hulud

3r 7t 3i May 12, 2026

high threat

Mini Shai-Hulud Campaign Compromises npm Packages

3 rules 6 TTPs 8 IOCs

The Mini Shai-Hulud supply chain campaign, attributed to TeamPCP, has compromised several npm packages, including those within the @tanstack, @uipath, and @mistralai namespaces, leading to credential theft and potential further compromise.

@tanstack/react-router +2 TeamPCP supply-chain npm malware

3r 6t 8i May 12, 2026

critical advisory

Compromised @tanstack/* Packages Exfiltrate Credentials via GitHub Actions Exploit

2 rules 4 TTPs 6 IOCs

On 2026-05-11, multiple malicious versions of `@tanstack/*` packages were published to the npm registry due to a chained attack exploiting vulnerabilities in GitHub Actions; the attacker used a compromised GitHub Actions OIDC trusted-publisher binding to publish credential-stealing malware that harvests credentials, exfiltrates data, and propagates the compromise by republishing other packages with the same injection, requiring users who installed affected versions to consider their environment compromised and rotate all credentials.

@tanstack/arktype-adapter +41 supply-chain credential-theft github-actions

2r 4t 6i May 12, 2026