JavaScriptやReact周辺の開発で広く使われているライブラリ群「TanStack」のnpmパッケージに、攻撃者がマルウェア入りのバージョンを公開するサプライチェーン攻撃が行われました。TanStack公式の事後報告によると、攻撃者は2026年5月11日に、42個のTanStack関連 ...

The TanStack team has documented security measures and proposals following a damaging breach last week, including the possibility of making pull requests (PRs) by invitation only - a break from the ...

Over 170 packages across multiple high-profile NPM and PyPI projects were compromised in a new, coordinated Mini Shai-Hulud software supply chain attack. The campaign hit 42 TanStack packages, 65 ...

A popular developer of open source analytics software has revealed that a recent data breach and extortion incident was caused by the Mini Shai-Hulud campaign which compromised TanStack packages.

Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. OpenAI has disclosed the impact of the recent TanStack supply chain attack, ...