MEDIUM · Supply Chain
Global

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Source: The Hacker News


Executive Summary

Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. "The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly

Source Attribution

Originally published by The Hacker News on May 19, 2026.

Related Threats

CRITICAL · Supply Chain

Contractor’s public GitHub account exposed GovCloud and CISA credentials

Until a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastructure Security Agency (CISA) systems. That’s according to cybersecurity reporter Brian Krebs, who first broke the news over the weekend, acting on a tip from researcher Guillaume Valadon at GitGuardian. Valadon confirmed the information in a

CSO Online

HIGH · Supply Chain

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool. Unlike last week’s high-profile npm attack on TanStack, which exploited a complex GitHub Actions cache poisoning weakness, the latest incident early on May 19 took the more conventional route of compr

CSO Online

MEDIUM · Supply Chain

Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target


Sonatype (Maven/npm)