Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

2026-05-12

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

The Mini Shai-Hulud worm, attributed to threat actor TeamPCP, has compromised multiple npm and PyPI packages including TanStack, Mistral AI, and Guardrails AI.

•Modified packages include obfuscated JavaScript that steals credentials from cloud providers, cryptocurrency wallets, GitHub Actions, and CI systems, exfiltrating data to attacker-controlled servers.
•The attack exploited GitHub Actions with OIDC tokens and cache poisoning to publish malicious versions with valid SLSA Build Level 3 provenance attestations.
•The worm automatically spreads by locating publishable npm tokens and enumerating all packages by the same maintainer.
•The TanStack incident (CVE-2026-45321, CVSS 9.6) impacted 42 packages and 84 versions, spreading to packages from UiPath, DraftLab, and others.

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Building a safe, effective sandbox to enable Codex on Windows

Mitigate credential exposure in Windows environments with Boundary and Vault

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)