Skills
Mini Shai-Hulud Worm Compromises 170+ npm/PyPI Packages Including TanStack — First Documented Worm With Valid SLSA Build Level 3 Attestations
On May 11, TeamPCP launched the largest npm worm attack of 2026, compromising 172 packages across 403 malicious versions totaling 518M cumulative downloads. The attack chained three GitHub Actions vulnerabilities: pull_request_target misconfiguration, cross-fork cache poisoning, and OIDC token extraction from runner memory. The 2.3MB obfuscated payload harvested AWS, GCP, K8s, and GitHub credentials. Critically, compromised packages carry valid SLSA Build Level 3 provenance attestations — meaning standard supply chain verification tools would not flag them.
Source
↳ Follow the thread