Tom's Hardware on MSN

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials

Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link ...
InfoWorld

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Hundreds of software packages are affected, once again threatening enterprise credentials on coders’ machines.
Infosecurity Magazine

Mini Shai-Hulud Hits TanStack npm Packages

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain ...
Live Bitcoin News

The npm Package That Wipes Your Files When You Try to Stop It

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Cryptopolitan on MSN

Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...