Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Mini Shai-Hulud worm compromises 169 npm packages including TanStack Mistral AI; TeamPCP uses stolen OIDC tokens.
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...
Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Morning Overview on MSN
A supply chain attack called 'Mini Shai-Hulud' poisoned official SAP packages and stole developer credentials through AI coding agent configs
On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...
Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new ...
The helper's sole function is to invoke the browser's IElevator2 COM interface, introduced in Chrome 144, to recover the ...
May 14, 2026: Looks like two new ZZZ codes just… expired. Two remain. What are the new Zenless Zone Zero codes? We love a freebie. Whether it's free Polychrome, Investigator Logs, or Bangboo Algorithm ...
14th May 2026: We added new Type Soul codes. Type Soul is a Roblox game based on the popular anime series Bleach. The experience originally launched around the time that Part 2 of the Thousand Year ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results