npm 生态遭大范围投毒:TanStack、Mistral AI、UiPath 等受波及,可窃取云 ...

IT之家5 月 12 日消息,网络安全检测机构 Socket 于当地时间 5 月 11 日发出警报,在开源工具库 TanStack 旗下约 84 个 NPM 软件包的恶意版本中发现疑似凭证窃取恶意代码。 受影响软件包覆盖 42 个 @tanstack/* 命名空间下的项目,其中 @tanstack / react-router 的周下载量超 1200 万次,此类工具包在 NPM 生态中被广泛直接或 ...
heise online

React-Deep-Dive: TanStack Router und TanStack Query – Teil 1

The TanStack Router is an alternative to the React Router, the de facto standard for routing in React applications. The TanStack team released the first stable version in December 2023. The router ...
Cryptopolitan on MSN

OpenAI says no user data exposed after TanStack npm supply chain attack hit employee devices

OpenAI confirmed that two employee devices were compromised, but found no evidence that user data, production systems, or ...
The Next Web

OpenAI says no user data was touched in the TanStack npm worm

OpenAI says no user data was accessed in the TanStack npm compromise: two corporate laptops, some credentials, and a forced macOS update.
CSO Online

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Hundreds of software packages are affected, once again threatening enterprise credentials on coders’ machines.
Infosecurity Magazine

Mini Shai-Hulud Hits TanStack npm Packages

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain ...
Cryptopolitan on MSN

Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer ...
Live Bitcoin News

The npm Package That Wipes Your Files When You Try to Stop It

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...