The Shai-Hulud malware campaign is targeting software supply chains, affecting over 320 packages on NPM and PyPI with over 518 million monthly downloads. This campaign highlights the risks of automated systems and the reliance on third-party code in modern development.
Cybersecurity firms StepSecurity and SafeDep warn of a new wave of "supply chain" attacks targeting open source projects. Hackers compromised developer accounts to push malicious updates, aiming to steal credentials and spread malware. The campaign, dubbed "Mini Shai-Hulud," has affected packages like Alibaba's Antv.
Cybersecurity firms StepSecurity and SafeDep warned of a new wave of supply-chain attacks targeting open source projects. Hackers compromised developer accounts to push malicious updates, stealing credentials and spreading malware. Alibaba's Antv library was among the affected packages.
OpenAI's internal development environment was breached by hackers using compromised TanStack npm package, affecting employee devices and limited code repositories, but no customer data or production systems were compromised.
Zahlreiche TanStack-Pakete auf npm haben eine Supply-Chain-Attacke erlitten, offenbar im Rahmen der Angriffswelle „Mini Shai-Hulud“.
