Threat Intelligence | Cyber Insider
9.0 CRITICAL

New ‘Shai-Hulud’ attack breached hundreds of npm and PyPI packages

📅 12 May 2026 at 10:46 UTC | 📰 Cyber Insider

A rapidly expanding supply-chain attack tied to the “Mini Shai-Hulud” malware campaign has compromised more than 400 package artifacts across npm, PyPI, and Composer repositories. The breached projects include widely used libraries from TanStack, Mistral AI, UiPath, OpenSearch, and Guardrails AI. Security researchers at Socket, Endor Labs, and Aikido say the malware steals credentials from …

🤖 AI Briefing: auto-generated threat analysis

🔍 Threat Overview

A supply-chain attack using the 'Mini Shai-Hulud' malware campaign compromised over 400 package artifacts across npm, PyPI, and Composer repositories, stealing credentials and publishing additional infected packages.

⚙️ Technical Details

Affected Systems
npm, PyPI, Composer, GitHub, VS Code, Claude Code tooling

Attack Vectors
- GitHub Actions weaknesses
- cache poisoning
- runtime extraction of OIDC publishing tokens
- optional dependencies with Git-based references
- malicious files in .vscode/ and .claude/ directories

💥 Impact Assessment
Severity: critical

Who Is at Risk
- organizations that installed affected versions
- developers who published infected packages
- users of compromised software

🛡️ Recommended Actions
1. Rotate credentials accessible from impacted systems.
2. Audit npm publishing activity and GitHub Actions workflows for unauthorized releases.
3. Search environments for indicators including router_init.js, tanstack_runner.js, etc.
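
One way to carry out the third action, as an added example that is not code from the Cyber Insider article or from the researchers it cites: a scanner that walks a project tree for the two indicator filenames named above, for .vscode/ or .claude/ directories shipped inside installed packages, and for optionalDependencies that point at a Git source. The Git-reference patterns, the decision to flag tooling directories only under node_modules, the function names and the sample tree are assumptions made for this example.

```python
import json
import os
import re
import tempfile

# Indicator filenames and tooling directories named in the briefing above.
IOC_FILENAMES = {"router_init.js", "tanstack_runner.js"}
TOOLING_DIRS = {".vscode", ".claude"}
# Assumption: common npm spellings of a Git-based dependency reference.
GIT_REF = re.compile(r"^(git\+|git://|github:|gitlab:|bitbucket:)|\.git(#|$)")

def scan(root):
    """Return sorted (kind, path, detail) findings under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Assumption: editor/agent config inside an installed package is unusual.
        in_pkg = "node_modules" in dirpath.split(os.sep)
        findings += [("tooling-dir", os.path.join(dirpath, d), d)
                     for d in dirnames if in_pkg and d in TOOLING_DIRS]
        for f in filenames:
            path = os.path.join(dirpath, f)
            if f in IOC_FILENAMES:
                findings.append(("ioc-file", path, f))
            elif f == "package.json":
                findings.extend(git_optional_deps(path))
    return sorted(findings)

def git_optional_deps(path):
    """Flag optionalDependencies whose spec points at a Git source."""
    try:
        with open(path, encoding="utf-8") as fh:
            deps = json.load(fh).get("optionalDependencies") or {}
        return [("git-optional-dep", path, f"{n}@{s}") for n, s in deps.items()
                if isinstance(s, str) and GIT_REF.search(s)]
    except (OSError, ValueError, AttributeError):
        return []  # unreadable or malformed manifest: nothing to report

def make_constructed_tree():
    """Build a small constructed tree (sample data, not a real package)."""
    root = tempfile.mkdtemp()
    pkg = os.path.join(root, "node_modules", "sample-pkg")
    os.makedirs(os.path.join(pkg, ".claude"))
    open(os.path.join(pkg, "router_init.js"), "w").close()
    with open(os.path.join(pkg, "package.json"), "w") as fh:
        json.dump({"optionalDependencies": {
            "helper": "github:example-user/helper#main", "ok": "^1.0.0"}}, fh)
    return root

if __name__ == "__main__":
    for kind, path, detail in scan(make_constructed_tree()):
        print(f"{kind:17}{detail:42}{path}")
```

A hit is a lead for triage rather than proof of compromise; a clean result does not cover indicators the briefing abbreviates as "etc.".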

📦 Affected Products
@tanstack/react-router, TanStack, Mistral AI, UiPath, OpenSearch, Guardrails AI

This is a curated summary. The complete article is available at Cyber Insider.
