The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Dark Reading

Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom ...

Jon Phillips turned to AI to help plan a new ice cream shop and mini-golf course

Jon Phillips is planning to develop a site near Altamont with an ice cream stand, pizza shop and mini golf. He's leaned on AI ...
Morning Overview on MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply chain attack to weaponize Claude Code and VS Code as persistence vectors

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...

OpenAI says no user data stolen after supply-chain hackers accessed employee devices

OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library.
The Caledonian-Record

Datavault AI Positions Distributed Edge Network Ahead of CLARITY Act Senate Vote

Targeting year-end 2026 completion of quantum-ready edge network deployment across more than 100 major U.S. citiesMini Data ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages ...
Cryptopolitan on MSN

Malicious SAP npm packages target crypto wallet data

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...
Opinion
Foreign AffairsOpinion

Trump’s China Trap

Yet that scene—a leader anxious about Washington, rushing to Beijing with a newfound urgency—has played out again and again since Trump’s return to the White House. In 2025, the leaders of Australia, ...
Morning Overview on MSN

A supply chain attack called 'Mini Shai-Hulud' poisoned official SAP packages and stole developer credentials through AI coding agent configs

On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...