Hundreds of packages across npm, PyPI, and Composer were compromised in the Shai-Hulud supply-chain campaign, which used stolen OIDC tokens to publish malicious versions with valid SLSA Build Level 3 provenance. The attack, attributed to TeamPCP, spread through projects like TanStack, Mistral AI, Bitwarden CLI, SAP, Guardrails AI, UiPath, and OpenSearch to steal developer secrets and persist on infected machines. #ShaiHulud #TeamPCP #TanStack #MistralAI #BitwardenCLI #SAP #GuardrailsAI #UiPath #OpenSearch
Keypoints
- The Shai-Hulud campaign compromised packages across npm, PyPI, and Composer.
- Attackers hijacked valid OIDC tokens to publish malicious versions with trusted provenance.
- The campaign initially hit TanStack and Mistral AI, then spread to other major projects.
- The malware stole developer secrets such as GitHub tokens, AWS credentials, Vault tokens, and SSH keys.
- Researchers recommend rotating credentials, checking persistence, and blocking attacker infrastructure.