Cybersecurity firm Socket has revealed that 42 npm packages from the TanStack open-source library were compromised by hackers on May 11. The attack affected 84 versions of these packages, embedding malware aimed at stealing CI/CD credentials from environments like GitHub Actions, AWS, and Kubernetes. Users are advised to rotate their credentials immediately. This breach is part of the broader "Mini Shai-Hulud" supply chain attack, which also targeted Mistral AI and UiPath.
TanStack npm Packages Compromised in Major Supply Chain Attack
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.