Signal
Mini Shai-Hulud malware compromises hundreds of npm and PyPI packages in supply chain attack
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-05-12 17:14 UTCUpdated 2026-05-12 21:38 UTC
rss
cveexploitsmalwarethreat_actorssecurity_toolingincident_response
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.3 top sources shown
Overview
A widespread supply chain attack known as 'Mini Shai-Hulud' has infected hundreds of open-source packages across npm and PyPI registries, embedding credential-stealing malware into popular development tools.
Entities
TanStackUiPathMistral AIMini Shai-HuludTeamPCP
Score total
1.19
Momentum 24h
3
Posts
3
Origins
3
Source types
1
Duplicate ratio
0%
Why now
- The attack occurred recently on May 11, affecting millions of weekly downloads.
- Rapid spread due to worm-like malware capabilities increases urgency for remediation.
- Security teams have just removed compromised packages, prompting immediate action by users.
Why it matters
- The attack compromises trusted open-source packages critical to modern software development.
- Malware embedded in widely used libraries can lead to large-scale credential theft and downstream breaches.
- The incident exposes vulnerabilities in automated software publishing and package integrity verification.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- Mini Shai-Hulud malware infected hundreds of npm and PyPI packages embedding credential-stealing code.
- The attack bypassed two-factor authentication and used valid cryptographic signatures to evade detection.
- Affected packages include TanStack Router ecosystem, UiPath, Mistral AI SDK, and others, totaling over 170 npm packages and multiple PyPI packages.
How sources frame it
- CyberScoop: neutral
- CSO Online: neutral
- SC Media: neutral
This incident highlights the increasing sophistication of supply chain attacks leveraging trusted cryptographic mechanisms and automated publishing workflows.
All evidence
All evidence
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
CyberScoop · cyberscoop.com · 2026-05-12 21:38 UTC
‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages
SC Media · scworld.com · 2026-05-12 18:25 UTC
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
CSO Online · csoonline.com · 2026-05-12 17:14 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
- CyberScoop (1)
- SC Media (1)
- CSO Online (1)
Top origin domains (this list)
- cyberscoop.com (1)
- scworld.com (1)
- csoonline.com (1)