Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely used developer ...
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
TeamPCP's extensive supply chain campaign continued this week, as the cybercriminal group compromised several SAP npm packages in a "Mini Shai Hulud" attack. The compromised packages went live ...
Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
Socket, a company specializing in open-source software security, has announced that its password manager, Bitwarden, was subjected to a supply chain attack. Bitwarden CLI Compromised in Ongoing ...
A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node package manager (npm), as part of a widening supply chain attack targeting ...
UPS announced at the recent Modex conference in Atlanta the expansion of RFID-based package sensing across its entire network. While UPS claims it is the first rollout of RFID sensing across an entire ...
The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). 1 ...
The government will first ensure there is sufficient supply of necessities before it introduces any economic stimulus package to deal with the impact from the ongoing crisis in the Middle East, says ...
Suspected North Korean hackers have bugged a software package that has been used by thousands of US companies in a major supply-chain attack that could take months to recover from, security experts ...
Security companies flagged axios@1.14.1 and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Update March 31, 2026, 1:28 pm UTC: This article has been updated to ...