Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral.

373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more.
The malware propagates by stealing your CI credentials and using them to publish new compromised versions.
Full IOCs, affected package list, and detection steps:
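One of the first detection steps a defender will want for an incident like this is to check every lockfile in their repositories against the published affected-version list. The script below is an added example written for this update; it is not the original poster's tooling and not part of any of the named projects. The `COMPROMISED_VERSIONS` entries and the sample lockfile are constructed placeholders (package names under a hypothetical `@example` scope), to be replaced with the real IOC list once it is loaded. It handles both the v2/v3 `packages` map and the older v1 nested `dependencies` tree, so transitive installs buried under other packages are caught too.

```python
"""Check an npm package-lock.json against known-compromised package versions.

Added example; not the original post's tooling. The IOC set and sample
lockfile are CONSTRUCTED placeholders, not real affected versions.
"""
import json
import sys
from typing import Iterable, List, Set, Tuple

# Constructed placeholder IOCs as (name, exact version). Replace with the
# published affected-version list before running against real repositories.
COMPROMISED_VERSIONS: Set[Tuple[str, str]] = {
    ("@example/affected-lib", "4.2.1"),
    ("@example/affected-lib", "4.2.2"),
    ("@example/other-pkg", "1.0.9"),
}

# Constructed sample lockfile (lockfileVersion 3) used for the demo run.
SAMPLE_LOCKFILE = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/@example/affected-lib": {"version": "4.2.1"},
        "node_modules/left-pad-ish": {"version": "1.3.0"},
        # transitive install nested under another package; still checked
        "node_modules/left-pad-ish/node_modules/@example/other-pkg": {"version": "1.0.8"},
    },
}


def _walk_v1(deps: dict) -> Iterable[Tuple[str, str]]:
    """Recursively yield (name, version) from a v1-style nested dependency tree."""
    for name, meta in deps.items():
        version = meta.get("version")
        if version:
            yield name, version
        nested = meta.get("dependencies")
        if isinstance(nested, dict):
            yield from _walk_v1(nested)


def iter_lockfile_packages(lock: dict) -> Iterable[Tuple[str, str]]:
    """Yield (name, version) for every installed package recorded in a lockfile.

    Covers lockfileVersion 2/3 ("packages" keyed by install path) and v1
    ("dependencies" nested by package). v2 files carry both maps, so the same
    package may be yielded twice; callers de-duplicate.
    """
    packages = lock.get("packages")
    if isinstance(packages, dict):
        for path, meta in packages.items():
            if not path:  # "" is the root project entry, not a dependency
                continue
            # Scoped names like "@scope/pkg" keep their slash after the last
            # "node_modules/" segment, so split on that, not on "/".
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            version = meta.get("version")
            if name and version:
                yield name, version
    deps = lock.get("dependencies")
    if isinstance(deps, dict):
        yield from _walk_v1(deps)


def find_compromised(lock: dict, iocs: Set[Tuple[str, str]] = COMPROMISED_VERSIONS) -> List[Tuple[str, str]]:
    """Return a sorted, de-duplicated list of (name, version) hits in the lockfile."""
    return sorted({pv for pv in iter_lockfile_packages(lock) if pv in iocs})


def check_lockfile_path(path: str) -> List[Tuple[str, str]]:
    """Load a package-lock.json from disk and report compromised entries."""
    with open(path, "r", encoding="utf-8") as fh:
        return find_compromised(json.load(fh))


if __name__ == "__main__":
    # With no argument, run against the constructed sample; otherwise scan the given lockfile.
    hits = check_lockfile_path(sys.argv[1]) if len(sys.argv) > 1 else find_compromised(SAMPLE_LOCKFILE)
    for name, version in hits:
        print(f"COMPROMISED: {name}@{version}")
    sys.exit(1 if hits else 0)
```

Run it with the path to each `package-lock.json` in CI; a non-zero exit blocks the build. Matching is on exact versions because the affected entries are specific published versions, so a semver range match would over-report. Because the malware spreads by reusing stolen CI publish credentials, a hit here should also trigger rotation of the affected pipeline's npm tokens, not just removal of the package.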