Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
TeamPCPās Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login ...
Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...
Mini Shai-Hulud worm compromises 169 npm packages including TanStack Mistral AI; TeamPCP uses stolen OIDC tokens.
A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...
Morning Overview on MSN
A supply chain attack called 'Mini Shai-Hulud' poisoned official SAP packages and stole developer credentials through AI coding agent configs
On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...
The man, a former Army engineer, was accused of posting videos showing how to make explosives. Authorities said those videos ...
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results