…Shai Hulud attack ships signed malicious TanStack, Mistral npm packages New npm supply-chain attack self-spreads to steal auth tokens PyPI package with 1.1M monthly downloads hacked to push infostealer…
…New macOS stealer campaign uses Script Editor in ClickFix attack New Infinity Stealer malware grabs macOS data via ClickFix lures Popular node-ipc npm package compromised to steal credentials Shai Hulud attack…
…More recently, the cybercrime gang was also linked to the "Mini Shai-Hulud" supply-chain campaign (which impacted the devices of two OpenAI employees) and threatened to leak the Mistral AI source…
…Edge hacked at Pwn2Own Berlin 2026 Popular node-ipc npm package compromised to steal credentials Shai Hulud attack ships signed malicious TanStack, Mistral npm packages Download Manager JDownloader Linux Malware Python RAT…