SECURITYBLEEPING COMPUTER
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
A new Shai-Hulud supply-chain campaign has compromised hundreds of packages on npm and PyPI, delivering credential-stealing malware targeting developers. The malicious packages include TanStack and Mistral. This campaign affects developers using these packages.