Threat Digest

Illustration of a stylized worm or sandworm tunneling through code packages.

170+ Packages Wormed: TeamPCP's Mini Shai-Hulud Campaign Explained

A sophisticated, self-propagating worm has silently infected over 170 open-source packages, marking a disturbing new escalation in supply chain attacks. This isn't just a breach; it's a breach of trust, and the implications are staggering.

6 min read 1 day, 20 hours ago

Diagram illustrating a supply chain attack with compromised dependencies leading to a company's code repository.

Data Breaches

Supply Chain Attack Hits Grafana Labs

The open-source world just got a stark reminder of its interconnected fragility. Grafana Labs confirmed a recent code breach stemmed directly from a compromise within the TanStack development ecosystem.

5 min read 2 days, 2 hours ago

Abstract digital network with interconnected nodes, some glowing red to indicate compromise.

Vulnerabilities & CVEs

Mini Shai-Hulud: Your Code is Now a Highway for Hackers

The digital equivalent of finding a Trojan horse in your code library just got a lot scarier. The Mini Shai-Hulud campaign is here, and it's not just about hitting tech giants; it's about every developer and every organization that relies on open-source software.

6 min read 4 days, 6 hours ago

#mini-shai-hulud

170+ Packages Wormed: TeamPCP's Mini Shai-Hulud Campaign Explained

Supply Chain Attack Hits Grafana Labs

Mini Shai-Hulud: Your Code is Now a Highway for Hackers