TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source ...

Grafana says hackers compromised business contact information and downloaded its codebase as a result of the TanStack supply ...

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the ...

GitHub says the breach of roughly 3,800 internal repositories was tied to the wider TanStack npm supply-chain attack.

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on ...

Hackers exploited a TanStack library vulnerability, compromising two OpenAI employees' devices and accessing limited internal ...

Numerous TanStack packages on npm have suffered a supply chain attack, apparently as part of the “Mini Shai-Hulud” attack wave.