Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published ...
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Cryptopolitan on MSN
Node-IPC supply chain attack targets crypto devs
Attackers hijacked a dormant npm maintainer account and pushed malicious node-ipc versions that steal crypto keys, AWS tokens ...
Mini Shai-Hulud worm compromises 169 npm packages including TanStack Mistral AI; TeamPCP uses stolen OIDC tokens.
Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...
An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain ...
Morning Overview on MSN
A supply chain attack called 'Mini Shai-Hulud' poisoned official SAP packages and stole developer credentials through AI coding agent configs
On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results