A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. “This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential
Tag: Mini
AI, Global Security News
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date
AI, Apps, Global Security News, malware
Mini Shai-Hulud returns, compromising hundreds of npm packages
A self-replicating malware campaign known as Mini Shai-Hulud has resurfaced, this time embedding itself across hundreds of npm packages. The threat actor behind it, identified as TeamPCP, has been linked to earlier waves of the same campaign, with this latest variant more capable than previous waves. Researchers analyzing the payload found a worm that spreads…
AI, Global Security News
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. “Upon identification of the malicious activity, we worked quickly to investigate, contain,…
AI, Global Security News
TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack
TeamPCP claims to be selling alleged Mistral AI repositories on a hacker forum after the Mini Shai-Hulud attack targeted npm and PyPI ecosystems.
AI, Global Security News
Mini Shai-Hulud Hits TanStack npm Packages
Mini Shai-Hulud compromises TanStack npm packages and spreads across PyPI
Global Security News, Network Security
FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware
A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and…
AI, Apps, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
Summary The most significant development of the week was the April 29 to 30 Mini Shai-Hulud worm, a self-propagating supply chain campaign that compromised four official SAP npm packages, two PyTorch Lightning PyPI versions, two intercom-client npm versions, and the intercom-php Packagist package across three package ecosystems. OX Security tracked roughly 1,800 GitHub repositories created…
AI, Global Security News
Altman’s Personal Investments
Plus: AI for dementia patients, the Bezos-Musk space race, the Mac Mini shortage and more.