Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP compromised multiple popular software packages (from companies like TanStack, Mistral AI, and Guardrails AI) by injecting malicious code that steals credentials for cloud services, cryptocurrency wallets, and development tools. The attack used a technique called SLSA provenance (a system that verifies software was built securely) to make the malicious packages look legitimate, and the malware persists by modifying development tools like VS Code so it runs every time the tool starts.