According to The Hacker News, TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of the Mini Shai-Hulud campaign.
The affected npm packages were altered to include an obfuscated router_init.js file designed to profile environments and launch a credential stealer targeting cloud providers, crypto wallets, AI tools, messaging apps and CI systems, with data exfiltrated to the filev2.getsession[.]org domain.
The attack leverages a GitHub fork and hijacked TanStack/router workflows to publish compromised versions with valid SLSA provenance, and the worm can spread to other packages by exploiting a publishable npm token with bypass_2fa. The incident has been assigned CVE-2026-45321 and carries a CVSS score of 9.6, affecting 42 packages and 84 versions across the TanStack ecosystem.
Microsoft and others note additions such as a session-based persistence mechanism and the re-exfiltration of GitHub tokens via a gh-token-monitor service, with some payloads executing on import in certain packages.
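
A triage sketch for the indicators named above, added here as an example and not code from The Hacker News, Microsoft or any affected project: it walks a directory tree for the router_init.js filename and for the exfiltration domain and gh-token-monitor strings. The scanned suffix list, the @example package name and the sample tree are constructed assumptions; because the payload is described as obfuscated, a string miss rules nothing out and a hit is a lead to investigate, not a verdict.

```python
import os
import tempfile
from pathlib import Path
# Indicators named in the article; the domain stays defanged in source.
IOC_FILENAME = "router_init.js"
STRING_IOCS = {"domain": "filev2.getsession[.]org".replace("[.]", ".").encode(),
               "service": b"gh-token-monitor"}
SCANNED_SUFFIXES = {".js", ".cjs", ".mjs", ".json", ".sh", ".service"}  # assumption

def owning_package(path):
    """Name of the innermost npm package containing `path`, with any @scope."""
    parts = Path(path).parts
    hits = [i for i, part in enumerate(parts) if part == "node_modules"]
    if not hits or hits[-1] + 2 >= len(parts):
        return "(outside node_modules)"
    i = hits[-1] + 1
    scoped = parts[i].startswith("@") and i + 2 < len(parts)
    return "/".join(parts[i:i + 2]) if scoped else parts[i]

def scan(root):
    """Return sorted (package, indicator, relative_path) leads found under root."""
    root, leads = Path(root), []
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        for name in files:
            path = Path(dirpath, name)
            rel = path.relative_to(root).as_posix()
            if name == IOC_FILENAME:  # filename match needs no readable content
                leads.append((owning_package(path), "filename", rel))
            if path.suffix not in SCANNED_SUFFIXES:
                continue
            try:
                data = path.read_bytes()
            except OSError:  # unreadable file: skip it, keep scanning
                continue
            leads += [(owning_package(path), kind, rel)
                      for kind, needle in STRING_IOCS.items() if needle in data]
    return sorted(leads)

def demo():
    """Scan a constructed tree whose file contents are inert placeholders."""
    files = {"node_modules/@example/router/router_init.js": "/* placeholder */",
             "node_modules/clean-pkg/index.js": "module.exports = 1;",
             "node_modules/other-pkg/lib/net.js": "// " + STRING_IOCS["domain"].decode()}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan(tmp)
```

Calling scan() on a project root or a CI workspace returns the same tuples for real trees; compare any package it names against the advisory's list of affected versions before acting.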