JavaScriptやReact周辺の開発で広く使われているライブラリ群「TanStack」のnpmパッケージに、攻撃者がマルウェア入りのバージョンを公開するサプライチェーン攻撃が行われました。TanStack公式の事後報告によると、攻撃者は2026年5月11日に、42個のTanStack関連 ...

A supply chain attack was carried out against TanStack, a set of libraries widely used in JavaScript and React development, by releasing malware-infused versions of its npm packages. According to ...

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain attack affecting developer ecosystems, including packages tied to UiPath, ...

Numerous TanStack packages on npm have suffered a supply chain attack, apparently as part of the “Mini Shai-Hulud” attack wave. The TanStack team announced that a supply chain attack on TanStack ...

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID ...

The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The ...