Web Scouter
Back to News
Security NewsHighIncidentsupply chain

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

UnknownMay 12, 2026(about 2 hours ago)

TeamPCP compromised npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI via a supply chain attack.

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file ("router_init.js") that's designed to profile the execution

Related News

Instructure reaches 'agreement' with ShinyHunters to stop data leak

Unknownabout 1 hour ago

CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

Unknownabout 3 hours ago

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

Unknownabout 3 hours ago

Get Personalized Alerts

Track vendors and receive alerts when security incidents affect your supply chain.

What We Monitor

Security Incidents

Data breaches, ransomware, and unauthorized access

Vulnerabilities

CVEs and vendor security advisories

Compliance Updates

Regulatory changes and certification news

Legal News

Privacy laws and enforcement actions

Vendor Directory

Browse our directory of SaaS vendors with security documentation and compliance information.