TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
A coordinated supply chain attack dubbed Mini Shai-Hulud compromised over 170 packages across multiple high-profile NPM and PyPI projects, including TanStack, Mistral AI, and UiPath. The attackers, linked to the TeamPCP group, exploited three chained vulnerabilities in GitHub Actions workflows to publish malicious package versions with valid cryptographic provenance, making them appear legitimate. The injected payloads are multi-stage credential stealers targeting developer secrets, API keys, cloud credentials, and cryptocurrency wallets, with some variants also targeting password managers. The malware propagates by abusing GitHub OIDC tokens and commits itself to repositories to maintain persistence. The campaign published at least 401 malicious package artifacts within a five-hour window. Users are advised to audit their environments for affected package versions, rotate credentials, and review GitHub Actions configurations to mitigate risk.
AI Analysis
Technical Summary
The Mini Shai-Hulud supply chain attack involved publishing over 400 malicious versions of 170 packages across NPM and PyPI ecosystems, impacting projects such as TanStack, Mistral AI, UiPath, OpenSearch, and others. The attackers exploited a chain of three known vulnerabilities in GitHub Actions workflows—pull_request_target misconfiguration, cache poisoning, and runtime memory extraction of OIDC tokens—to hijack CI/CD pipelines and publish malicious packages signed with valid SLSA provenance certificates. The payloads include obfuscated JavaScript implants and Python modules designed to steal a wide range of credentials and secrets, exfiltrated via multiple channels including decentralized networks. The attack also employed persistence mechanisms by committing malicious code to repositories and spoofing trusted GitHub Apps. The campaign was attributed to the TeamPCP hacking group and represents a sophisticated abuse of software supply chains and provenance verification.
Potential Impact
The attack compromises the integrity of widely used open source packages by publishing malicious versions that appear legitimate due to hijacked build pipelines and valid cryptographic signing. The payloads steal sensitive information such as developer credentials, API keys, cloud secrets, cryptocurrency wallets, and password manager data, potentially leading to further compromise of developer environments and cloud infrastructure. The use of decentralized exfiltration channels increases the difficulty of disrupting data theft. The attack affects multiple ecosystems and high-profile projects with millions of downloads, amplifying the potential impact on software supply chains and dependent applications.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisories for current remediation guidance. Users should verify if any compromised package versions have been installed in their environments and remove them. All potentially exposed credentials and secrets should be rotated immediately. It is critical to audit GitHub Actions workflows, especially pull_request_target configurations, for cache poisoning vulnerabilities and to secure OIDC token usage. Implement behavioral analysis during package installation as an additional layer of defense alongside provenance verification. Follow vendor and security community updates for official patches or mitigations.
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
Description
A coordinated supply chain attack dubbed Mini Shai-Hulud compromised over 170 packages across multiple high-profile NPM and PyPI projects, including TanStack, Mistral AI, and UiPath. The attackers, linked to the TeamPCP group, exploited three chained vulnerabilities in GitHub Actions workflows to publish malicious package versions with valid cryptographic provenance, making them appear legitimate. The injected payloads are multi-stage credential stealers targeting developer secrets, API keys, cloud credentials, and cryptocurrency wallets, with some variants also targeting password managers. The malware propagates by abusing GitHub OIDC tokens and commits itself to repositories to maintain persistence. The campaign published at least 401 malicious package artifacts within a five-hour window. Users are advised to audit their environments for affected package versions, rotate credentials, and review GitHub Actions configurations to mitigate risk.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Mini Shai-Hulud supply chain attack involved publishing over 400 malicious versions of 170 packages across NPM and PyPI ecosystems, impacting projects such as TanStack, Mistral AI, UiPath, OpenSearch, and others. The attackers exploited a chain of three known vulnerabilities in GitHub Actions workflows—pull_request_target misconfiguration, cache poisoning, and runtime memory extraction of OIDC tokens—to hijack CI/CD pipelines and publish malicious packages signed with valid SLSA provenance certificates. The payloads include obfuscated JavaScript implants and Python modules designed to steal a wide range of credentials and secrets, exfiltrated via multiple channels including decentralized networks. The attack also employed persistence mechanisms by committing malicious code to repositories and spoofing trusted GitHub Apps. The campaign was attributed to the TeamPCP hacking group and represents a sophisticated abuse of software supply chains and provenance verification.
Potential Impact
The attack compromises the integrity of widely used open source packages by publishing malicious versions that appear legitimate due to hijacked build pipelines and valid cryptographic signing. The payloads steal sensitive information such as developer credentials, API keys, cloud secrets, cryptocurrency wallets, and password manager data, potentially leading to further compromise of developer environments and cloud infrastructure. The use of decentralized exfiltration channels increases the difficulty of disrupting data theft. The attack affects multiple ecosystems and high-profile projects with millions of downloads, amplifying the potential impact on software supply chains and dependent applications.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisories for current remediation guidance. Users should verify if any compromised package versions have been installed in their environments and remove them. All potentially exposed credentials and secrets should be rotated immediately. It is critical to audit GitHub Actions workflows, especially pull_request_target configurations, for cache poisoning vulnerabilities and to secure OIDC token usage. Implement behavioral analysis during package installation as an additional layer of defense alongside provenance verification. Follow vendor and security community updates for official patches or mitigations.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/tanstack-mistral-ai-uipath-hit-in-fresh-supply-chain-attack/","fetched":true,"fetchedAt":"2026-05-12T10:21:23.364Z","wordCount":1689}
Threat ID: 6a02ff23cbff5d8610c669e2
Added to database: 5/12/2026, 10:21:23 AM
Last enriched: 5/12/2026, 10:21:32 AM
Last updated: 5/12/2026, 10:38:49 PM
Views: 37
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.