Live Bitcoin News

The npm Package That Wipes Your Files When You Try to Stop It

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a dead-man's switch that nukes your system.
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
heise online

React-Deep-Dive: TanStack Router und TanStack Query – Teil 1

The TanStack Router is an alternative to the React Router, the de facto standard for routing in React applications. The TanStack team released the first stable version in December 2023. The router ...
Infosecurity-magazine.com

Mini Shai-Hulud Hits TanStack npm Packages

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain attack affecting developer ecosystems, including packages tied to UiPath, ...
Tom's Hardware on MSN

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials

Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link related npm compromises affecting TanStack and Mistral SDKs to the broader ...
The Next Web

OpenAI says no user data was touched in the TanStack npm worm

Two corporate laptops, some credential material, and a forced macOS app update. The interesting part is how the malicious packages got published in the first place: not by a stolen npm password, but ...
Hosted on MSN

OpenAI says no user data exposed after TanStack npm supply chain attack hit employee devices

OpenAI has admitted that two employee devices were compromised through malicious versions of TanStack npm packages. The company is insisting that no evidence that user data, production systems, or ...