MEDIUMSupply Chain
Global

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

·Source: The Hacker News

Updated:

Executive Summary

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file ("router_init.js") that's designed to profile the execution

Analysis

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file ("router_init.js") that's designed to profile the execution
Source Attribution

Originally published by The Hacker News on May 12, 2026.

Related Threats

MEDIUMSupply Chain

SecurityScorecard Snags Driftnet to Level Up Threat Intelligence

The new acquisition looks to boost visibility into third-party ecosystems that are becoming a bigger concern as vectors for supply-chain attacks.

Dark Reading
MEDIUMSupply Chain

OpenAI asks macOS users to update after TanStack npm supply chain attack

The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.

The Record
MEDIUMSupply Chain

OpenAI confirms security breach in TanStack supply chain attack

OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. [...]

BleepingComputer