Search

bleepingcomputer.com › news › security

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

… According to TanStack's post-mortem report from TanStack, the attackers chained three vulnerabilities: a risky ‘pull request-target’ workflow, GitHub Actions cache poisoning, and OIDC token theft from runner memory. …

May 12, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Grafana breach caused by missed token rotation after TanStack attack

2d ago

bleepingcomputer.com

OpenAI confirms security breach in TanStack supply chain attack

1w ago

bleepingcomputer.com › news › security

GitHub links repo breach to TanStack npm supply-chain attack

GitHub links repo breach to TanStack npm supply-chain attack By Sergiu Gatlan May 21, 2026 02:54 AM GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack… …

May 21, 2026 · Sergiu Gatlan

tomshardware.com › tech-industry › cyber-security

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud'  malware infection — supply-chain campaign spreads across npm and AI developer ecosystems like wildfire

… Affected packages reportedly included @tanstack/react-router, @tanstack/history, and @tanstack/router-core, components collectively downloaded tens of millions of times per week. …

May 12, 2026 · Etiido Uko

Discussions and forums

Hacker News · u/taubek · 6d ago

Our response to the TanStack NPM supply chain attack

Our response to the TanStack NPM supply chain attack

1

Hacker News · u/meetpateltech · 1w ago

Our response to the TanStack NPM supply chain attack

Our response to the TanStack NPM supply chain attack

4