Search

bleepingcomputer.com › news › security

New Shai-Hulud malware wave compromises 600 npm packages

…As in the previous Shai-Hulud campaign impacting TanStack and Mistral packages, the payload collects secrets from developer and CI/CD environments and exfiltrates them over the Session P2P network to complicate…

May 19, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Leaked Shai-Hulud malware fuels new npm infostealer campaign

…Shai Hulud attack ships signed malicious TanStack, Mistral npm packages Popular node-ipc npm package compromised to steal credentials TeamPCP hackers advertise Mistral AI code repos for sale OpenAI confirms security breach…

May 18, 2026 · Bill Toulas