TeamPCP campaign expands across multiple victims
Campaign
Summary
Hide ▲
Show ▼
The TeamPCP / Mini Shai-Hulud supply-chain operation is actively compromising hundreds of packages, exposing downstream developers to malware delivery and credential theft. The activity spans packages tied to TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI, showing a broad multi-victim footprint. The stolen credentials are intended to extend the breaches and widen access across affected environments.
Related Happenings
OpenAI Codex codexui-android supply-chain token theft campaign
Campaign
H score48
First: 01.06.2026 12:31
Last: 01.06.2026 12:31
Sources 1
About this happening:
A **malicious supply-chain campaign** is stealing **OpenAI Codex authentication tokens** from developers through the **codexui-android** npm package and mirrored Android apps, cre...
OpenAI Codex codexui-android supply-chain token theft campaign
CampaignAbout this happening: A **malicious supply-chain campaign** is stealing **OpenAI Codex authentication tokens** from developers through the **codexui-android** npm package and mirrored Android apps, cre...
Mistral AI hit by network compromise
Incident
H score36
First: 15.05.2026 01:50
Last: 15.05.2026 01:50
Sources 1
About this happening:
Mistral AI disclosed a **codebase management system compromise** tied to the **Mini Shai-Hulud** supply-chain attack, and the intrusion briefly contaminated some **SDK packages**....
Mistral AI hit by network compromise
IncidentAbout this happening: Mistral AI disclosed a **codebase management system compromise** tied to the **Mini Shai-Hulud** supply-chain attack, and the intrusion briefly contaminated some **SDK packages**....
OpenAI hit by cyberattack
Incident
H score38
First: 14.05.2026 22:07
Last: 14.05.2026 22:07
Sources 1
How related:
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner.
About this happening:
OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
OpenAI hit by cyberattack
IncidentHow related: OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner.
About this happening: OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
TanStack hit by network compromise
Incident
H score29
First: 12.05.2026 17:45
Last: 12.05.2026 17:45
Sources 1
About this happening:
**TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
TanStack hit by network compromise
IncidentAbout this happening: **TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
Latest development: 21.05.2026 11:00
On May 17, 2026, Grafana Labs said an unauthorized attacker had downloaded its codebase after accessing the firm's GitHub environment, and the company later said additional internal operational information and business contact names and email addresses were taken from its GitHub repositories; Grafana Labs said there was no indication that customer production systems or the Grafana Cloud platform were compromised.
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
Campaign
H score56
First: 12.05.2026 14:29
Last: 12.05.2026 14:29
Sources 1
About this happening:
The **Shai-Hulud** **supply-chain campaign** now includes a fresh **PyPI** wave that compromised **19 packages** across **37 malicious releases**, with popular bioinformatics tool...
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
CampaignAbout this happening: The **Shai-Hulud** **supply-chain campaign** now includes a fresh **PyPI** wave that compromised **19 packages** across **37 malicious releases**, with popular bioinformatics tool...
Timeline
-
15.05.2026 13:54 2 articles · 1mo ago
TeamPCP Mini Shai-Hulud campaign expands across multiple package ecosystems
Campaign Scope UpdateTeamPCP's Mini Shai-Hulud supply chain campaign is linked to hundreds of compromised packages associated with TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI, with malware pushed to downstream developers to steal credentials and broaden access across affected environments. Reporting also ties the operation to trojanized npm and PyPI SDKs for Mistral AI, a threatened leak of internal source code from Mistral AI, and malware behavior that uses a hard-coded primary C2 server, a FIRESCALE fallback path, and destructive actions on systems geolocated to Israel or Iran.
Show sources
- TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates — thehackernews.com — 15.05.2026 13:54
- TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates — thehackernews.com — 15.05.2026 13:54