We combed through the full attack chain behind the Shai-Hulud / Mini Shai-Hulud supply chain attacks since May 2026.
From the collapse of TanStack’s CI/CD trust boundary, to the malicious Nx Console VS Code extension, and later the
@antv, PyPI durabletask, and GitHub internal private repository breach incidents, the attackers completed coordinated lateral expansion across npm, PyPI, IDE extensions, and cloud environments within roughly a week.
⚠️ This was not a series of isolated incidents, but a mature attack pipeline built around “trusted release channels → credential harvesting → lateral propagation.”
Read the full analysis and incident breakdown 🔎