{"id":20241,"date":"2026-05-12T08:50:00","date_gmt":"2026-05-12T08:50:00","guid":{"rendered":"https:\/\/sekuritasit.com\/index.php\/2026\/05\/12\/mini-shai-hulud-worm-compromises-tanstack-mistral-ai-guardrails-ai-more-packages-infothehackernews-com-the-hacker-news\/"},"modified":"2026-05-12T08:50:00","modified_gmt":"2026-05-12T08:50:00","slug":"mini-shai-hulud-worm-compromises-tanstack-mistral-ai-guardrails-ai-more-packages-infothehackernews-com-the-hacker-news","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2026\/05\/12\/mini-shai-hulud-worm-compromises-tanstack-mistral-ai-guardrails-ai-more-packages-infothehackernews-com-the-hacker-news\/","title":{"rendered":"Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI &amp; More Packages info@thehackernews.com (The Hacker News)"},"content":{"rendered":"<p>TeamPCP, the threat actor behind the recent\u00a0supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.<br \/>\nThe affected npm packages have been modified to include an obfuscated JavaScript file (&#8220;router_init.js&#8221;) that&#8217;s designed to profile the execution<a href=\"https:\/\/thehackernews.com\/2026\/05\/mini-shai-hulud-worm-compromises.html\" target=\"_blank\" class=\"feedzy-rss-link-icon\">Read More<\/a>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>TeamPCP, the threat actor behind the recent\u00a0supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file (&#8220;router_init.js&#8221;) that&#8217;s designed [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":20242,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-20241","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/20241","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/comments?post=20241"}],"version-history":[{"count":0,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/20241\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media\/20242"}],"wp:attachment":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media?parent=20241"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/categories?post=20241"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/tags?post=20241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}