Mini Shai-Hulud hackers publish over 600 compromised npm packages; developers warned to be on their guard
Date:
Wed, 20 May 2026 15:35:00 +0000
Description:
The Shai-Hulud campaign continues, now affecting hundreds of new packages and potentially compromising thousands of projects.
FULL STORY ======================================================================
More than 600 malicious npm packages were published in a coordinated supply-chain attack linked to TeamPCP's Shai-Hulud campaign.
The attackers compromised ecosystems including TanStack, Mistral, and antv, introducing infostealers and persistence mechanisms in developer environments.
Developers are advised to roll back to safe versions released before May 18 and rotate any exposed credentials.

Cybercriminals published more than 600 malicious packages to the npm registry in a coordinated software supply-chain attack linked to the Shai-Hulud campaign.
Multiple security organizations, including Socket, confirmed that on May 19, 2026, in just one hour, malicious actors managed to publish 639 versions of 323 unique packages on npm, targeting software developers, open-source maintainers, organizations running CI/CD pipelines, and everyone else who downloaded, or depends on, the compromised npm packages.

Shai-Hulud is a malware campaign conducted by a threat actor known as TeamPCP. By stealing login credentials and access tokens, the miscreants access legitimate packages and update them to push infostealer malware, grabbing credentials and compromising CI/CD environments.

Major downstream risk

So far, TeamPCP compromised an undisclosed number of npm packages, but we know that at least some of them are from TanStack-related and Mistral-related ecosystems - with OpenAI one of the companies that confirmed suffering exposure as a result of the Shai-Hulud campaign.
In the latest attack, the threat actors targeted the antv ecosystem, into which thousands of GitHub repositories were later automatically created using stolen credentials. The campaign also introduced fake-looking package provenance signatures and new persistence mechanisms targeting VS Code and Claude Code environments.
The report does not say how many times the malicious package versions were actually downloaded, but it does stress the normal popularity of some
affected packages. For example, the jest-canvas-mock package gets around 10 million monthly downloads, which suggests that the attack surface is
extremely large.
Security researchers stressed that the full impact of the campaign is not yet known, mostly because we don't know the number of downstream infections. However, supply-chain attacks like this one can be particularly dangerous, as just one compromised maintainer account can affect thousands of projects through automated package updates.
Developers who downloaded infected packages should remove them or roll back to
safe versions published before May 18, and rotate any potentially exposed credentials.
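The rollback advice above can be checked against a lockfile. The following is an added example, not code from the article or from any vendor it names: it flags locked dependencies published on or after the May 18 cutoff (or with no known publish time) and picks the last earlier stable release. The package names, versions, timestamps, function names and the UTC-midnight reading of the cutoff are all constructed assumptions.

```javascript
// Added example: every package name, version and timestamp below is constructed.
const CUTOFF = Date.parse("2026-05-18T00:00:00Z"); // assumption: cutoff read as UTC midnight
const NM = "node_modules/";

// Constructed excerpt of a package-lock.json (lockfileVersion 3).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-chart-lib": { version: "2.4.1" },
  "node_modules/example-chart-lib/node_modules/example-util": { version: "1.0.9" },
  "node_modules/@example-scope/core": { version: "5.1.0" },
  "node_modules/example-unlisted": { version: "0.3.0" },
} };

// Constructed stand-in for each package's registry "time" map (version -> publish time).
const sampleTimes = {
  "example-chart-lib": { created: "2024-01-05T00:00:00Z", modified: "2026-05-19T01:12:00Z",
    "2.4.0": "2026-03-02T10:00:00Z", "2.4.1": "2026-05-19T01:12:00Z" },
  "example-util": { "1.0.8": "2025-11-20T08:30:00Z", "1.0.9-beta.1": "2026-05-01T00:00:00Z",
    "1.0.9": "2026-05-19T01:40:00Z" },
  "@example-scope/core": { "5.1.0": "2026-04-11T09:00:00Z" },
};

// Lockfile keys are install paths; the package name follows the last "node_modules/".
const nameFromLockKey = (key) => key.slice(key.lastIndexOf(NM) + NM.length);

// Most recently published stable version from before the cutoff, or null if none.
function lastVersionBefore(times, cutoff) {
  const stable = Object.entries(times)
    .filter(([v]) => /^\d+\.\d+\.\d+$/.test(v)) // drops created/modified and prereleases
    .map(([v, t]) => [v, Date.parse(t)])
    .filter(([, t]) => t < cutoff)
    .sort((a, b) => b[1] - a[1]);
  return stable.length ? stable[0][0] : null;
}

// Report locked dependencies published on/after the cutoff, or with no known publish time.
function auditLockfile(lock, timesByName, cutoff = CUTOFF) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (!key.includes(NM) || !entry.version) continue; // root, workspace or link entry
    const name = nameFromLockKey(key), times = timesByName[name];
    const published = times && times[entry.version];
    if (published && Date.parse(published) < cutoff) continue; // predates the cutoff
    findings.push({ name, installed: entry.version,
      status: published ? "published-after-cutoff" : "unknown", // unknown fails closed
      rollbackTo: times ? lastVersionBefore(times, cutoff) : null });
  }
  return findings;
}
```

For a real project the time maps would come from registry metadata, for example the output of `npm view <name> time --json` for each dependency.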
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/mini-shai-halud-hackers-publish-over-600-compromised-npm-packages-developers-warned-to-be-on-their-guard
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)