Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack appeared first on SecurityWeek.
A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension, security researchers report.
The NPM maintainer account ‘atool’, which has access to multiple packages across the @antv namespace, and which publishes timeago.js (1.5 million weekly downloads), was compromised and used to publish malicious package versions.
The attack propagated downstream to other highly popular packages, including echarts-for-react (~1.1 million weekly downloads), “impacting a much broader set of applications and continuous integration (CI) environments,” Microsoft warned on Tuesday.
Source: https://www.securityweek.com/over-320-npm-packages-hit-by-fresh-mini-shai-hulud-supply-chain-attack/
Related breach coverage
- TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code2026-05-15
The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on SecurityWeek.
- Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack2026-05-22
Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack appeared first on SecurityWeek.
- OpenAI Hit by TanStack Supply Chain Attack2026-05-15
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek.
- Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility2026-05-21
New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking. The post Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility appeared first on SecurityWeek.