stepsecurity.io · 5 weeks ago
Mini Shai-Hulud - TanStack and more npm packages compromised, with SLSA Build Level 3 provenance attestations
Covers: Postmortem: TanStack NPM supply-chain compromise
Covered by 11 sources, including This Week In 4n6, infoworld.com
Discussed on Lobsters
Covers 1 related story
TanStack Blog · 5 weeks ago
Postmortem: TanStack NPM supply-chain compromise
Discussed on Hacker News, Hacker News, Lobsters, r/netsec, r/programming, and DEV
Covered in 12 articles
This Week In 4n6 · 5 weeks ago
Week 20
infoworld.com · 2 weeks ago
AI’s brave new world of technical debt
Comments on: · 5 weeks ago
TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages
venturebeat.com · 4 weeks ago
Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering
Help Net Security · 4 weeks ago
TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Security Affairs · 5 weeks ago
INTERNATIONAL EDITION
Security Affairs · 5 weeks ago
OpenAI hit by supply chain attack linked to malicious TanStack packages
blog.outsider.ne.kr · 5 weeks ago
Tech News #294 : 26-05-16
Tenable Blog · 4 weeks ago
Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
podrocket.logrocket.com · 4 weeks ago
Bun's rust rewrite, the TanStack hack, and the $60B Cursor deal
In other languages
CERT-SE · 5 weeks ago
CERT-SE's weekly newsletter, week 20