Find notable cyber news and cases, enriched with sources, timelines, and signals.

TeamPCP campaign expands across multiple victims

Campaign
First reported
Last updated
Happening score
H score 49
1 unique sources, 1 articles

Summary

Hide ▲

The TeamPCP / Mini Shai-Hulud supply-chain operation is actively compromising hundreds of packages, exposing downstream developers to malware delivery and credential theft. The activity spans packages tied to TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI, showing a broad multi-victim footprint. The stolen credentials are intended to extend the breaches and widen access across affected environments.

Related Happenings

OpenAI Codex codexui-android supply-chain token theft campaign

Campaign
H score48 First: 01.06.2026 12:31 Last: 01.06.2026 12:31 Sources 1

About this happening: A **malicious supply-chain campaign** is stealing **OpenAI Codex authentication tokens** from developers through the **codexui-android** npm package and mirrored Android apps, cre...

Mistral AI hit by network compromise

Incident
H score36 First: 15.05.2026 01:50 Last: 15.05.2026 01:50 Sources 1

About this happening: Mistral AI disclosed a **codebase management system compromise** tied to the **Mini Shai-Hulud** supply-chain attack, and the intrusion briefly contaminated some **SDK packages**....

OpenAI hit by cyberattack

Incident
H score38 First: 14.05.2026 22:07 Last: 14.05.2026 22:07 Sources 1

How related: OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner.

About this happening: OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...

TanStack hit by network compromise

Incident
H score29 First: 12.05.2026 17:45 Last: 12.05.2026 17:45 Sources 1

About this happening: **TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...

Latest development: 21.05.2026 11:00

On May 17, 2026, Grafana Labs said an unauthorized attacker had downloaded its codebase after accessing the firm's GitHub environment, and the company later said additional internal operational information and business contact names and email addresses were taken from its GitHub repositories; Grafana Labs said there was no indication that customer production systems or the Grafana Cloud platform were compromised.

Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials

Campaign
H score56 First: 12.05.2026 14:29 Last: 12.05.2026 14:29 Sources 1

About this happening: The **Shai-Hulud** **supply-chain campaign** now includes a fresh **PyPI** wave that compromised **19 packages** across **37 malicious releases**, with popular bioinformatics tool...

Timeline

  1. 15.05.2026 13:54 2 articles · 1mo ago

    TeamPCP Mini Shai-Hulud campaign expands across multiple package ecosystems

    Campaign Scope Update

    TeamPCP's Mini Shai-Hulud supply chain campaign is linked to hundreds of compromised packages associated with TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI, with malware pushed to downstream developers to steal credentials and broaden access across affected environments. Reporting also ties the operation to trojanized npm and PyPI SDKs for Mistral AI, a threatened leak of internal source code from Mistral AI, and malware behavior that uses a hard-coded primary C2 server, a FIRESCALE fallback path, and destructive actions on systems geolocated to Israel or Iran.

    Show sources