Mini Shai‑Hulud: TanStack packages compromised

Colleagues — alert: a campaign dubbed Mini Shai‑Hulud has compromised npm/PyPI packages (TanStack, Mistral, Guardrails).
Summary:
- An obfuscated credential stealer embedded in the packages exfiltrates secrets over the Session protocol and into attacker-controlled repositories.
- It establishes persistence in Claude/VS Code, watches for GitHub tokens and injects malicious GitHub Actions workflows.
- TanStack attributes the intrusion to a GitHub Actions attack chain (a hijacked OIDC trust relationship, an abusable pull_request_target workflow and cache poisoning), tracked as CVE‑2026‑45321 (CVSS 9.6).
Critical: the malicious releases carry valid signatures, so signature checks alone will not flag them; that is what makes this a severe supply‑chain risk.
Recommended: revoke and rotate OIDC trust relationships and publishing tokens, audit workflows (pull_request_target triggers in particular) and caches, and scan dependencies for the affected packages.
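To make the "audit workflows" step concrete, here is an added example (mine, not TanStack's or GitHub's tooling) that scans a workflow file for the three ingredients of the chain named above: a pull_request_target trigger combined with a checkout of the PR head (untrusted code running with repository secrets), an id-token: write permission reachable from that trigger (OIDC minting), and actions/cache usage from that trigger (cache poisoning). The rule names, the regexes and the two sample workflows are constructed for illustration; the scan is a line-based heuristic, not a YAML parser, so treat hits as leads to review by hand.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # hypothetical rule id, chosen for this example
    line: int   # 1-based line in the workflow text
    text: str   # the offending line, stripped


# Heuristic patterns (assumptions for this example, not an official ruleset).
PR_TARGET = re.compile(r"\bpull_request_target\b")
HEAD_CHECKOUT = re.compile(
    r"ref:\s*[\"']?\$\{\{\s*"
    r"(?:github\.event\.pull_request\.head\.(?:sha|ref)|github\.head_ref)\b"
)
ID_TOKEN_WRITE = re.compile(r"id-token:\s*write\b")
CACHE_ACTION = re.compile(r"uses:\s*actions/cache(?:/restore|/save)?@")


def _strip_comment(line: str) -> str:
    # Crude: drops anything after '#', which is good enough for workflow YAML.
    return line.split("#", 1)[0]


def audit_workflow(text: str) -> list[Finding]:
    """Return findings for a workflow that is triggered by pull_request_target.

    A workflow without that trigger returns no findings: the three patterns
    below are only dangerous when a PR author can reach them with secrets.
    """
    lines = [_strip_comment(l) for l in text.splitlines()]
    if not any(PR_TARGET.search(l) for l in lines):
        return []
    findings = []
    for n, l in enumerate(lines, 1):
        if HEAD_CHECKOUT.search(l):
            findings.append(Finding("untrusted-checkout", n, l.strip()))
        if ID_TOKEN_WRITE.search(l):
            findings.append(Finding("oidc-in-pr-target", n, l.strip()))
        if CACHE_ACTION.search(l):
            findings.append(Finding("cache-in-pr-target", n, l.strip()))
    return findings


# Constructed sample: the weak shape (all three problems in one workflow).
WEAK = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: read
  id-token: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}  # runs PR code with secrets
      - uses: actions/cache@v4
        with:
          path: ~/.npm
          key: npm-${{ hashFiles('package-lock.json') }}
      - run: npm ci && npm test
"""

# Constructed sample: the hardened shape. Untrusted PR code runs under the
# plain pull_request trigger (no secrets, no OIDC); nothing here is privileged.
HARDENED = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""


if __name__ == "__main__":
    for name, wf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, [(f.rule, f.line) for f in audit_workflow(wf)])
```

Point the function at every file under .github/workflows and at reusable workflows it calls; a clean result only means these three patterns are absent, so still rotate any OIDC trust and publishing tokens the workflows could have minted or used.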
What mitigations have you implemented for CI/CD?
#cybersecurity #supplychain #DevSecOps #GitHubActions
