> TritonInfoSec News
Home / May 13, 2026 / Story
0
#4 SecurityWeek general May 12, 2026 at 10:10 UTC

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

By Ionut Arghire

AI Summary

The Mini Shai-Hulud supply chain campaign, attributed to threat actor TeamPCP, compromised over 400 malicious versions of 170 npm and PyPI packages by injecting an obfuscated JavaScript file ('router_init.js') into legitimate packages from TanStack, Mistral AI, UiPath, OpenSearch, and Guardrails AI. The attack weaponized signed release artifacts to evade detection, directly threatening developer environments that depend on these widely-used open-source ecosystems.

Read full article → https://www.securityweek.com/tanstack-mistral-ai-u…

Relevance score: 87.0/100

# More from May 13

  1. 1
    Copy.Fail Linux Vulnerability Schneier on Security
  2. 2
    'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros Dark Reading
  3. 3
    Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days BleepingComputer
  4. 5
    Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak The Hacker News
  5. 6
    Google Detects First AI-Generated Zero-Day Exploit SecurityWeek
  6. 7
    Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator BleepingComputer
  7. 8
    Official CheckMarx Jenkins package compromised with infostealer BleepingComputer
  8. 9
    New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution The Hacker News
  9. 10
    iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android The Hacker News