Skip to content
The Nexus
SECURITYMay 12 · 11:29 UTCBLEEPING COMPUTERBill Toulas

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

A new Shai-Hulud supply-chain campaign has compromised hundreds of packages on npm and PyPI, delivering credential-stealing malware targeting developers. The malicious packages include TanStack and Mistral. This campaign affects developers using these packages.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this