{"data":{"id":"928c0966-dbb5-4d2b-b804-d803abe9f123","title":"Shai Hulud attack ships signed malicious TanStack, Mistral npm packages","summary":"Hundreds of software packages on npm (Node Package Manager) and PyPI (Python Package Index) were compromised in the Shai-Hulud attack campaign, which used stolen OIDC tokens (authentication credentials that verify a developer's identity) to publish malicious versions with valid cryptographic signatures, making them appear legitimate. The malware targets developer credentials like GitHub tokens, AWS secrets, and SSH keys, then hides itself in code editor auto-run tasks so uninstalling the packages doesn't remove it. The attack affected popular projects including TanStack, Mistral AI, Bitwarden, and others.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-npm-packages/","publishedAt":"2026-05-12T11:29:36.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["Mistral","HuggingFace"],"affectedVendorsRaw":["TanStack","Mistral AI","Guardrails AI","UiPath","OpenSearch","Bitwarden","SAP","Claude"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-12T11:29:36.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}