Another OpenAI hack puts ChatGPT Mac users on an update deadline
…OpenAI is forcing Mac users to update ChatGPT The company disclosed the incident on May 13 and confirmed malware linked to the "Mini Shai-Hulud" attack infected two employee devices…
Search
Related topics:
Shai-Hulud
All sources
bleepingcomputer.com
31
pcper.com
4
golem.de
2
tomshardware.com
2
techcrunch.com
2
9to5mac.com
2
arstechnica.com
2
theregister.com
2
about.gitlab.com
1
neowin.net
1
appleinsider.com
1
wired.com
1
Tracked topic
Shai-Hulud
Videos
More videosGitHub confirms breach of 3,800 repos via malicious VSCode extension
…developer code platforms, including GitHub , PyPI , NPM , and Docker , and, more recently, to the "Mini Shai-Hulud" supply chain campaign (which also impacted two OpenAI employees). VS Code extensions are plugins that…
Over 116,000 Mincraft systems infected in WeedHack malware campaign
…fake outage pages to deliver malware BTMOB Android malware service generates custom phishing payloads New Shai-Hulud malware wave compromises 600 npm packages Gaming Information Stealer Infostealer MaaS Malware Malware-as-a…
Over 116,000 Minecraft systems infected in WeedHack malware campaign
…fake outage pages to deliver malware BTMOB Android malware service generates custom phishing payloads New Shai-Hulud malware wave compromises 600 npm packages Gaming Information Stealer Infostealer MaaS Malware Malware-as-a…
Discussions and forums
durabletask (Microsoft's Python Durable Task client) compromised by TeamPCP | same Mini Shai-Hulud payload as last week's TanStack wave
We've been tracking TeamPCP since March. This is the fifth major package in the same campaign. Full chronology: Mar 19 — Trivy compromised. CI/CD secrets harvested downstream. Mar 24 — LiteLLM 1.82.7/1.82.8 to PyPI via c…
Show HN: AVP – an agent can't leak a secret it never had
A process can't leak a secret it never had.Shai-hulud, prompt-injection - you name it. They cannot steal what your agent (or an process) don't have.I run coding agents (Claude Code, Codex) on my own machines most of the …
3
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
…The name comes from GitHub repositories the worm creates that include encrypted credentials stolen from victims, each of which includes the phrase “A Mini Shai-Hulud Has Appeared” along with a handful…
VS Code supply chain attack hits GitHub, OpenAI, and Mistral AI
…The campaign, attributed to threat actor group TeamPCP and codenamed Mini Shai-Hulud, has now claimed GitHub, OpenAI, and Mistral AI as confirmed victims, with developer credentials and internal source code the…
DAEMON Tools devs confirm breach, release malware-free version
…DAEMON Tools trojanized in supply-chain attack to deploy backdoor Popular node-ipc npm package compromised to steal credentials Shai Hulud attack ships signed malicious TanStack, Mistral npm packages TeamPCP hackers advertise…
GitHub links repo breach to TanStack npm supply-chain attack
…TeamPCP was linked to other major supply chain attacks targeting developer code platforms, including PyPI , NPM , GitHub , and Docker , and, more recently, to the "Mini Shai-Hulud" supply chain campaign (which also…
TeamPCP hackers advertise Mistral AI code repos for sale
…OpenAI confirms security breach in TanStack supply chain attack Shai Hulud attack ships signed malicious TanStack, Mistral npm packages Official SAP npm packages compromised to steal credentials Bitwarden CLI npm package compromised…
OptinMonster WordPress plugin hacked in CDN supply-chain attack
…GitHub disables Microsoft repos pushing password-stealing malware New Shai-Hulud attack trojanizes 19 science-focused PyPI packages New IronWorm malware hits 36 packages in npm supply-chain attack New Shai-Hulud…