InfoWorld

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Hundreds of software packages are affected, once again threatening enterprise credentials on coders’ machines.
American Libraries

American Libraries Live

Join library experts and hundreds of your colleagues for interactive discussions on pressing issues in modern librarianship. American Libraries Live webcasts cover the full spectrum of library topics ...
Dark Reading

Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...
Morning Overview on MSN

The TanStack supply chain attack poisoned 160 npm and PyPI packages — reaching OpenAI, Mistral AI, and UiPath through compromised build pipelines

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source ...