A rapidly spreading campaign dubbed “mini Shai-Hulud” compromised hundreds of open-source packages, including TanStack, UiPath, and MistralAI, by injecting credential-stealing code into trusted development tools. The attack bypassed two-factor authentication and valid provenance checks by abusing GitHub Actions and automated publishing pipelines, putting AWS, Google Cloud, GitHub, Kubernetes, and Vault credentials at risk. #miniShaiHulud #TanStack #UiPath #MistralAI #TeamPCP #AnthropicClaude #GitHubActions
Key points
- The “mini Shai-Hulud” campaign infected hundreds of open-source packages with credential-stealing malware.
- TanStack, UiPath, and MistralAI were among the targeted software libraries.
- The attack bypassed 2FA and valid provenance by abusing manipulated CI/CD pipelines and GitHub Actions.
- The malware stole cloud and developer secrets from AWS, Google Cloud, Kubernetes, Vault, and local SSH keys.
- Researchers linked the operation to TeamPCP and warned of persistence in VS Code and Claude Code directories.
Read More: https://cyberscoop.com/mini-shai-hulud-supply-chain-malware-attack/