Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

A Global Supply Chain Attack: The Mini Shai-Hulud Worm Spreads to TanStack, UiPath, and PyPI


A recent global supply chain attack has left organizations scrambling to respond to a malicious worm dubbed Mini Shai-Hulud, which has compromised packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI. The attack is notable for its sophisticated tactics, including evasion of detection and the use of persistence hooks in development environments.

  • TeamPCP linked to compromise of popular packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI.
  • Attacked via the Mini Shai-Hulud worm, a sophisticated piece of malware designed to spread itself without traditional authentication.
  • Evasion techniques include using Session Protocol infrastructure for exfiltration and storing encrypted data in attacker-controlled repositories.
  • Establishs persistence hooks in development environments, allowing it to survive reboots and re-execute itself.
  • Affects 42 packages across 84 different versions within the TanStack ecosystem, with a critical CVSS score of 9.6.


    • In a concerning development that has shaken the very foundations of the software supply chain, a malicious entity known as TeamPCP has been linked to the compromise of popular packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI. This attack, attributed to the Mini Shai-Hulud worm, has left numerous organizations scrambling to respond to the threat.

    At its core, the Mini Shai-Hulud worm is a sophisticated piece of malware designed to compromise software packages by locating publishable npm tokens with bypass_2fa set to true and enumerating every package published by the same maintainer. This malicious behavior allows the worm to spread itself to other packages without needing traditional authentication, making it an incredibly difficult threat to contain.

    One of the most striking aspects of this attack is its ability to evade detection. The worm's use of Session Protocol infrastructure for exfiltration makes it less likely to be blocked within enterprise environments, where many organizations rely on such protocols for legitimate communication. Furthermore, the worm's fallback option involves storing encrypted data in attacker-controlled repositories under a fictional author name, "claude@users.noreply.github.com," via the GitHub GraphQL API using stolen GitHub tokens.

    In addition to its stealthy nature, the Mini Shai-Hulud worm is also notable for its ability to establish persistence hooks in various development environments. This allows it to survive reboots and re-execute itself on every launch of the IDEs involved, including Claude Code and Microsoft Visual Studio Code (VS Code). Moreover, the worm installs a gh-token-monitor service to monitor and re-exfiltrate GitHub tokens.

    The malware also injects two malicious GitHub Actions workflows into repository secrets, which serialize them into JSON objects and upload the data to an external server. The affected packages from TanStack have been identified as versions 1.2.3, 1.2.4, and 1.2.5 of their "TanStack/router" workflow.

    The incident has had a significant impact on the software supply chain. Specifically, TanStack's supply chain has been compromised with 42 packages impacted across 84 different versions within the TanStack ecosystem. This includes packages from UiPath, DraftLab, and other maintainers.

    Experts have noted that the worm carries a critical CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity. The affected packages, including those from TanStack, UiPath, and PyPI, carry valid SLSA Build Level 3 provenance attestations, making this the first documented npm worm that produces validly attested malicious packages.

    In response to the attack, numerous organizations have issued alerts and warnings about potential compromises of their software supply chains. Experts are advising developers and organizations to take immediate action to protect themselves against the Mini Shai-Hulud worm.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Global-Supply-Chain-Attack-The-Mini-Shai-Hulud-Worm-Spreads-to-TanStack-UiPath-and-PyPI-ehn.shtml

  • https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html

  • https://www.aikido.dev/blog/mini-shai-hulud-is-back-tanstack-compromised

  • https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem

  • https://teampcp.cyberdigest.international/

  • https://www.wiz.io/blog/tracking-teampcp-investigating-post-compromise-attacks-seen-in-the-wild


    • Published: Tue May 12 04:15:26 2026 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us