VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Mini Shai‑Hulud: TanStack packages compromised

Mini Shai‑Hulud: компрометированы пакеты TanStack

Colleagues — alert: a campaign dubbed Mini Shai‑Hulud has compromised npm/PyPI packages (TanStack, Mistral, Guardrails).

Summary:
- Obfuscated stealer embedded in packages exfiltrates credentials via Session Protocol to attacker repositories.
- Persists in Claude/VS Code, monitors GitHub tokens and injects malicious GitHub Actions.
- TanStack links the intrusion to a GitHub Actions chain (hijacked OIDC, pull_request_target, cache poisoning); CVE‑2026‑45321 (CVSS 9.6).

Critical: malicious releases are validly signed — a severe supply‑chain risk.

Recommended: revoke OIDC/publishing tokens, audit workflows and caches, scan dependencies.

What mitigations have you implemented for CI/CD?

#cybersecurity #supplychain #DevSecOps #GitHubActions

Latest comments

No comments yet.