Aikido Security(@AikidoSecurity):Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral. 373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more. The malware propagates by stealing your CI credentials and using them to publish new compromised versions. Full IOCs, affected package list, and detection steps:

Aikido Security

@AikidoSecurity

The best way to secure everything you build, ship & run. 🌐 ⭐️ Get developers back to building.

Joined September 2022

1.1K Following 10.8K Followers

Aikido Security@AikidoSecurity

2026.05.12 00:07

Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral. 373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more. The malware propagates by stealing your CI credentials and using them to publish new compromised versions. Full IOCs, affected package list, and detection steps:

2.6K

494

Forward to community

Most Popular Users