News Score: Score the News, Sort the News, Rewrite the Headlines
7.8

Mistral AI and TanStack packages compromised in 'Mini Shai Hulud' supply-chain attack; malicious code steals GitHub, cloud, CI/CD credentials across npm and PyPI ecosystems—millions of downloads affected, Microsoft investigates

tomshardware.com #

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud'  malware infection — supply-chain campaign spreads across npm and AI developer ecosystems like wildfire

(Image credit: Getty Images) Microsoft Threat Intelligence said in an X post on Monday that it is investigating a compromise of the mistralai PyPI package after attackers reportedly injected malicious code that automatically executed on import, downloaded a secondary payload disguised as transformers.pyz, and launched malware on Linux systems — the latest incident researchers believe may be linked to the broader “Mini Shai-Hulud” software supply-chain campaign targeting developer ecosystems.Acco...

Read more at tomshardware.com

© News Score  score the news, sort the news, rewrite the headlines
Leaderboard Submit About