The Information Machine

AI as Attack Tool and Attack Target: May 2026 Cybersecurity Moment

Version 5

2026-05-24 03:40 UTC · 171 items

What

The TeamPCP 'Mini Shai-Hulud' supply chain campaign continues to widen: Nx Console version 18.95.0 has been specifically identified as the VS Code extension used to breach approximately 3,800–4,000 GitHub internal repositories [4][5][6]; CISA added CVE-2026-33634 to its Known Exploited Vulnerabilities catalog, converting voluntary remediation into a federal compliance obligation [12]; and the worm has reached the AntV data visualization ecosystem with 300+ malicious packages, while the European Commission has been named alongside OpenAI and Mistral AI as a victim of the 170+ package campaign [17][18]. Mend.io published analysis claiming the SAP Cloud Application Programming Model segment of the attack ran 'via Claude Code,' raising the possibility that Anthropic's AI coding assistant served as an attack surface [19]. Separately, AISI published its official Claude Mythos Preview cyber evaluation [20][21] as the US government formalized CAISI (NIST's Center for AI Standards and Innovation) as its pre-deployment vetting gate for frontier AI models [26].

Why it matters

CISA's KEV listing [12] converts CVE-2026-33634 from advisory to compliance requirement for federal agencies; the European Commission's reported exposure [18] confirms government IT infrastructure is in scope alongside AI lab and enterprise targets. If Mend.io's 'via Claude Code' claim [19] is substantiated, AI coding assistants — not just package registries and editor extensions — become a required focus of developer supply chain defenses, materially expanding the remediation surface organizations must address.

Open questions

  • Mend.io published 'SAP CAP Supply Chain Attack Via Claude Code' [19], but its claim has not been corroborated by other sources — was Anthropic's Claude Code itself compromised, used by attackers as a development aid, or targeted as a propagation surface for malicious packages?

  • CISA added CVE-2026-33634 to the KEV catalog [12], compelling federal agencies to remediate on a mandatory timeline — which agencies relied on Trivy in their CI/CD pipelines, and what is the scope of government exposure beyond public disclosures, including the Broadcom Tanzu/Spring Enterprise downstream impact [13]?

  • Social media reporting names the European Commission as a victim of the 170+ package campaign [18] — has the European Commission confirmed this breach, and what systems or data were exposed?

  • At least one source references 'CVE-2026-45321' for the TanStack attack [34] separately from the campaign-wide CVE-2026-33634 — do these designate overlapping or distinct components of the same campaign, and which packages fall under each?

Narrative

The TeamPCP supply chain campaign launched on May 11, 2026, when a self-spreading worm called Mini Shai-Hulud poisoned more than 170 npm and PyPI packages — including heavily downloaded libraries in the TanStack ecosystem — and reached two OpenAI employee devices, exfiltrating code-signing certificates, which triggered a mandatory certificate rotation deadline for OpenAI's iOS, macOS, and Windows applications [1][2][3]. GitHub confirmed that the same campaign breached its internal infrastructure via a poisoned release, version 18.95.0, of Nx Console, a widely used VS Code extension, giving TeamPCP access to approximately 3,800–4,000 internal repositories [4][5][6]. GitHub stated customer data was unaffected [7], but BleepingComputer, Varonis, Ox Security, StepSecurity, and Aikido Security each published independent analyses of the Nx Console attack vector [8][5][6][9][10], and analysts have consistently noted that internal repositories almost certainly contain infrastructure configuration, tooling secrets, and unreleased product code — categories not captured by the 'customer data' framing [11].

CVE-2026-33634 (CVSS 9.4) has acquired new institutional weight. CISA added it to its Known Exploited Vulnerabilities catalog [12], a designation that compels federal agencies to remediate on a mandatory timeline and signals active, widespread exploitation. Broadcom confirmed downstream exposure in its Tanzu Application Platform and Spring Enterprise products through the Trivy container-security scanner compromise [13], while GitLab's Advisory Database and Aqua Security's own GitHub advisory formally document the Trivy ecosystem compromise [14][15]. LegitSecurity published incident response playbooks [16]. The worm's propagation has reached the AntV data visualization ecosystem, with Snyk reporting 300+ malicious packages [17]. Social media reporting as of May 23 places the total compromised package count at 170+ and names the European Commission alongside OpenAI and Mistral AI as victims [18] — if confirmed, a significant expansion from AI laboratory infrastructure into government IT systems. Mend.io published analysis under the headline 'Shai Hulud: SAP CAP Supply Chain Attack Via Claude Code' [19], raising the claim that Anthropic's Claude Code AI coding assistant played a role in the SAP Cloud Application Programming Model segment of the attack. That specific mechanism — whether Claude Code itself was compromised, used by attackers as a development tool, or targeted as a propagation surface — has not been corroborated by independent sources, but it introduces a materially new question about whether AI coding assistants must now be added to the supply chain threat model alongside package registries and editor extensions.

Claude Mythos Preview's autonomous clearance of both UK AI Safety Institute offensive cyber ranges is now formally documented. AISI published its full evaluation of Mythos [20], including a companion rate-of-advance analysis asking how quickly autonomous AI cyber capability is advancing [21]. CyberScoop reported on how US and UK cyber authorities are calibrating their institutional response [22], and the Cloud Security Alliance characterized the Mythos milestone as reaching an 'AI Autonomous Offensive Threshold' [23]. Skeptics have emerged: a YouTube commentary questioned aspects of the AISI evaluation methodology [24], and a Reddit discussion critiqued the Mythos system card as inconsistent [25]. On the governance front, the US Department of Commerce finalized expanded safety-testing agreements with Google, Microsoft, and xAI through NIST's Center for AI Standards and Innovation (CAISI) in early May [26], with Politico and LinkedIn commentary describing CAISI as the emerging federal AI compliance gate [27]. Lawfare published a parallel analysis of a voluntary pre-deployment vetting path [28], while Zvi Mowshowitz continued to argue that any governance structure anchored in cybersecurity is politically captured and fails to treat the Mythos milestone as the general capability threshold it represents [29].

Two structural vulnerabilities deepen the composite threat model. MCP tool poisoning — embedding hidden data-exfiltration instructions in AI tool descriptions — has been assigned CVE-2025-54136 [30], formalizing a vulnerability confirmed to work silently against Claude, ChatGPT, Cursor, and other major AI assistants [31][32][33]. The Mend.io 'via Claude Code' framing [19] connects this concern directly to the supply chain context: if an AI coding assistant can be turned into a propagation surface for malicious packages, developer organizations face a compound threat — AI systems capable of attacking newly deployed code faster than human defenders can respond [29], AI tool descriptions that silently redirect agent behavior toward malicious ends [31][32], and supply chain compromise now potentially spanning npm, PyPI, Docker Hub, Trivy, SAP npm packages, AntV, AI coding tools, and government infrastructure. The June 12, 2026 certificate rotation deadline for OpenAI's applications [1] remains weeks away, and the total downstream exposure of the campaign continues to grow.

Timeline

  • 2026-05-05: US Department of Commerce finalizes expanded AI safety-testing agreements with Google, Microsoft, and xAI through NIST's CAISI; Politico reports on federal pre-deployment AI vetting formalization [26][45]
  • 2026-05-11: TeamPCP launches Mini Shai-Hulud campaign via self-spreading worm; 160+ npm and PyPI packages compromised including TanStack; two OpenAI employee devices hit, code-signing certificates exfiltrated [1][2][3]
  • 2026-05-11: Microsoft publishes workplace AI survey; security researchers confirm tool poisoning attacks work silently against Claude, ChatGPT, Cursor, and other major AI assistants [31]
  • 2026-05-13: OpenAI publishes incident response disclosure; mandates app certificate rotation by June 12, 2026 [1]
  • 2026-05-13: Zvi Mowshowitz publishes analysis calling Claude Mythos Preview's autonomous clearance of UK AISI offensive cyber ranges a genuine step-change in AI attack capability [29]
  • 2026-05-13: AISI publishes rate-of-advance analysis on how quickly autonomous AI cyber capability is advancing [21]
  • 2026-05-16: Broad security community coverage amplifies OpenAI/TanStack disclosure; users urged to update macOS apps before June 12 certificate revocation deadline [37][69][70][71][72]
  • 2026-05-18: Reports emerge that TeamPCP targeted Mistral AI in the same campaign and is selling access to Mistral AI's internal source code repositories [73][74][75][76]
  • 2026-05-19: LiteLLM, Telnyx, and Guardrails AI identified as additional compromised packages; campaign scope confirmed at 160+ packages across npm and PyPI [77][58][78][79]
  • 2026-05-19: CVE-2026-33634 formally assigned with CVSS 9.4 critical severity rating; characterized as most impactful CI/CD supply chain attack of 2026 [80]
  • 2026-05-20: Cloud Security Alliance, Datadog Security Labs, and Akamai publish independent technical analyses; GitGuardian notes three separate supply chain attacks hit npm, PyPI, and Docker Hub within a 48-hour window [57][58][59][60]
  • 2026-05-20: GitHub confirms TeamPCP breach of approximately 3,800–4,000 internal repositories; Nx Console version 18.95.0 specifically identified as the poisoned VS Code extension used; BleepingComputer, Varonis, Ox Security, StepSecurity, Aikido Security, The Record, Dark Reading, InfoWorld, and WIRED publish coverage [4][8][5][6][9][10][81][82][83][7][35][36][11]
  • 2026-05-21: CVE-2026-33634 scope expanded to include Trivy container-security scanner ecosystem; LiteLLM publishes official security update; Cycode and Zscaler publish LiteLLM incident analyses; GitLab Advisory Database and Aqua Security publish formal Trivy advisory; LegitSecurity publishes incident response playbooks [84][85][86][87][88][89][14][15][16]
  • 2026-05-22: Mini Shai-Hulud confirmed targeting SAP npm packages; Unit 42 and Datadog Security Labs publish 'Shai-Hulud 2.0' analysis; Kusari and Upwind publish technical dissections of the worm's self-replication mechanism; CISA adds CVE-2026-33634 to Known Exploited Vulnerabilities catalog; Broadcom issues impact assessment for Tanzu Application Platform and Spring Enterprise [52][53][54][55][56][90][12][13]
  • 2026-05-23: Mini Shai-Hulud confirmed hitting AntV data visualization ecosystem with 300+ malicious npm packages; European Commission named alongside OpenAI and Mistral AI as a victim of the 170+ package campaign [17][18]
  • 2026-05-23: Mend.io publishes 'SAP CAP Supply Chain Attack Via Claude Code,' claiming Anthropic's AI coding assistant played a role in the SAP segment of the attack; Onapsis, Wiz, Semgrep, and Endor Labs publish SAP CAP-specific analyses [19][48][49][50][51]

Perspectives

GitHub

Confirmed the breach via the specifically identified Nx Console VS Code extension, maintained that customer data was unaffected, and framed the incident as limited in customer impact while acknowledging the theft of approximately 3,800–4,000 internal repositories

Evolution: Consistent with GitHub's initial confirmation; the identification of Nx Console version 18.95.0 as the specific vector adds technical specificity without changing GitHub's core 'customer data unaffected' framing

OpenAI

Transparency and swift containment: limited blast radius, no customer data or production systems compromised, framing the incident as an industry-wide supply chain threat rather than an OpenAI-specific failure; certificate rotation deadline of June 12 is the actionable user requirement

Evolution: Consistent with OpenAI's practice of proactive security disclosures; the expanding victim list — now spanning GitHub, AntV, and reportedly the European Commission — further validates the 'industry-wide' framing but makes the 'limited blast radius' characterization increasingly difficult to sustain for the campaign as a whole

AISI (UK AI Safety Institute)

Claude Mythos Preview represents a genuine capability threshold — the first AI system to autonomously complete both AISI end-to-end offensive cyber ranges including a 32-step scenario — and the rate at which autonomous AI cyber capability is advancing warrants serious institutional attention

Evolution: AISI moved from implicit endorsement via analyst commentary in earlier coverage to an explicit official stance, publishing both a full evaluation of Mythos and a companion rate-of-advance analysis

Skeptics of Mythos evaluation (cybersecurity commentators)

The AISI evaluation methodology is inconsistent or overstated; the Mythos system card is methodologically problematic; the 'autonomous offensive threshold' framing may not accurately represent the difficulty or controlled conditions of the evaluated tasks

Evolution: New voice in this synthesis; emerged as AISI published its official evaluation and the 'autonomous offensive threshold' framing gained broad traction

Zvi Mowshowitz

Genuinely alarmed by Mythos as a capability threshold requiring a rethink of deployment security cadences; critical of both Commerce-dominated (CAISI) and intelligence-dominated governance proposals as politically captured and insufficiently generalized beyond cybersecurity

Evolution: The CAISI formalization provides a concrete governance target for Zvi's existing critique of politically captured regulatory structures; his concern that the Mythos milestone is being treated as a narrow cybersecurity event rather than a general capability signal is now directly in tension with the CAISI voluntary framework

CAISI / US Department of Commerce

Voluntary but structured pre-deployment safety testing with major AI labs (Google, Microsoft, xAI) through NIST's CAISI is the appropriate US governance posture for frontier AI capabilities

Evolution: New governance voice in this synthesis; CAISI's formalization as the federal AI compliance gate represents the most concrete institutional response yet to the Mythos capability milestone

Mend.io

The SAP CAP segment of the supply chain attack ran 'via Claude Code,' implicating Anthropic's AI coding assistant as a vector or surface in the attack — a claim that, if accurate, expands the threat model beyond package registries and editor extensions to AI coding tools themselves

Evolution: New voice in this synthesis; Mend.io's claim has not been corroborated by independent sources but introduces a significant new question about the attack surface

Institutional security research community (CSA, Datadog, Akamai, ReversingLabs, GitGuardian, Unit 42, WIRED, Snyk, Onapsis, Wiz, Endor Labs, StepSecurity, Varonis, BleepingComputer, LegitSecurity, Semgrep)

TeamPCP is the defining supply chain security event of 2026; the GitHub breach via Nx Console is a qualitative escalation into a new attack surface; the campaign's spread to AntV and reported reach to the European Commission confirms it has no fixed perimeter; Datadog's 'Shai-Hulud 2.0' framing suggests an evolved or successor variant; CISA's KEV listing is an appropriate escalation

Evolution: The institutional response cohort has grown substantially: Snyk (AntV coverage), Onapsis and Wiz (SAP CAP analyses), Semgrep, and BleepingComputer/Varonis/StepSecurity (Nx Console analyses) have joined an already large group; the breadth of institutional response now spans package registries, container security, editor extensions, SAP enterprise tooling, and AI coding tools

The Neuron / Microsoft

Tool poisoning is a serious and underappreciated threat; organizational readiness — not individual AI skill — is the primary bottleneck to safe and valuable AI deployment; growing agent usage amplifies the stakes of each unmitigated attack surface

Evolution: Consistent; the formalization of MCP tool poisoning as CVE-2025-54136 gives the technical concern institutional standing that reinforces this framing

Broad security community (social media and press amplifiers)

The GitHub breach via Nx Console is confirmed and significant; the European Commission's reported exposure elevates the campaign to government-infrastructure level; a separate CVE-2026-45321 reference for TanStack alongside the primary CVE-2026-33634 creates uncertainty about formal scope; TeamPCP's access is treated as ongoing given continued worm propagation

Evolution: Prior unverified claims about the GitHub breach have been confirmed by official sources; the European Commission claim as of this pass remains social-media-sourced and unconfirmed by the EU itself

Tensions

  • GitHub's official framing — 'customer data unaffected' — sits in tension with the scope of 3,800–4,000 internal repositories stolen; security analysts have not accepted the 'limited impact' characterization at face value, since internal repositories almost certainly contain infrastructure configuration, tooling secrets, and unreleased product code whose exposure is not captured by the 'customer data' category [7][35][36][11][8]
  • AISI's official evaluation frames Claude Mythos Preview as reaching an 'autonomous offensive threshold' warranting serious institutional attention, while independent cybersecurity commentators have questioned the evaluation methodology and system card consistency — a debate about whether the milestone is accurately characterized or inflated by the evaluators' framing [20][21][23][24][25]
  • Mend.io's 'via Claude Code' framing introduces AI coding assistants as attack surfaces, while the established analysis of Mini Shai-Hulud has focused on npm/PyPI package poisoning, VS Code extensions, and CI/CD pipeline infection — the two framings are not yet reconciled and may describe different components of the same campaign or may represent an overreach in attribution [19][4][5][6][52][53]
  • The CAISI voluntary pre-deployment framework represents the US government's chosen governance posture for frontier AI capabilities, while Zvi Mowshowitz argues that any governance structure anchored in cybersecurity is politically captured and fails to treat the Mythos milestone as the general capability threshold it represents — requiring a fundamentally different response than a cybersecurity-specific compliance regime [26][28][29]
  • Standard supply chain remediation guidance focuses on package registries (npm, PyPI, Docker Hub), but the VS Code extension attack vector targets developer machines directly — a fundamentally different and harder-to-audit surface — creating a gap between the remediation advice currently being given and the actual scope of compromise [4][5][6][59][60]
  • OpenAI frames the TanStack incident as an industry-wide supply chain shift with limited blast radius, but the identification of GitHub, AntV, and reportedly the European Commission as additional compromised targets — all infrastructure layers used far beyond the AI developer toolchain — suggests downstream exposure substantially wider than OpenAI's framing implied [1][17][18][7]

Sources

  1. [1] Our response to the TanStack npm supply chain attack — OpenAI Blog (2026-05-13)
  2. [2] Mini Shai-Hulud: TeamPCP compromette 160+ pacchetti npm e PyPI in un supply chain attack che ha colpito TanStack, Mistra... — reactive:ai-security-nexus (2026-05-19)
  3. [3] A Self-Spreading Supply Chain Attack Compromises TanStack npm ... — reactive:ai-security-nexus
  4. [4] Nx Console 18.95.0 Incident: How TeamPCP Breached GitHub — reactive:ai-security-nexus
  5. [5] Nx Console VS Code Extension Compromised - StepSecurity — reactive:ai-security-nexus
  6. [6] GitHub confirms breach of 3,800 repos via malicious VSCode ... — reactive:ai-security-nexus
  7. [7] GitHub confirms being hacked by TeamPCP, says customer data ... — reactive:ai-security-nexus
  8. [8] GitHub Breach via Malicious VS Code Extension: What You Need to ... — reactive:ai-security-nexus
  9. [9] GitHub breached via a malicious VS Code extension - Aikido Security — reactive:ai-security-nexus
  10. [10] The Wild West of VS Code extensions and how a poisoned ... — reactive:ai-security-nexus
  11. [11] A Hacker Group Is Poisoning Open Source Code at an ... - WIRED — reactive:ai-security-nexus
  12. [12] CISA Adds Trivy CVE-2026-33634 to KEV: Patch Supply Chain Risk ... — reactive:ai-security-nexus
  13. [13] Impact Assessment: Aqua Security Trivy Supply Chain Compromise (CVE-2026-33634) on Tanzu Application Platform and Spring Enterprise — reactive:ai-security-nexus
  14. [14] Trivy ecosystem supply chain was briefly compromised | GitLab Advisory Database (GLAD) — reactive:ai-security-nexus
  15. [15] Trivy ecosystem supply chain temporarily compromised · Advisory · aquasecurity/trivy · GitHub — reactive:ai-security-nexus
  16. [16] The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond — reactive:ai-security-nexus
  17. [17] Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages ... - Snyk — reactive:ai-security-nexus
  18. [18] 170 npm packages compromised in one coordinated supply chain attack — OpenAI, Mistral AI, even the European Commission g... — reactive:ai-security-nexus (2026-05-23)
  19. [19] Shai Hulud: SAP CAP Supply Chain Attack Via Claude Code — reactive:ai-security-nexus
  20. [20] Our evaluation of Claude Mythos Preview's cyber capabilities — reactive:frontier-ai-cyber-capabilities
  21. [21] How fast is autonomous AI cyber capability advancing? — reactive:ai-offensive-cyber (2026-05-13)
  22. [22] Here’s how cyber heavyweights in the US and UK are dealing with Claude Mythos | CyberScoop — reactive:ai-security-nexus
  23. [23] Claude Mythos and the AI Autonomous Offensive Threshold — reactive:frontier-ai-cyber-capabilities
  24. [24] Anthropic's Mythos Claims Questioned by Cybersecurity Insider — reactive:frontier-ai-cyber-capabilities
  25. [25] Why Claude Mythos system card is a mess - Part 3, about ... - Reddit — reactive:ai-security-nexus
  26. [26] US government expands vetting of frontier AI models for security risks — reactive:ai-security-nexus
  27. [27] CAISI becomes US AI pre-deployment gate | Kenneth Foster posted ... — reactive:ai-security-nexus
  28. [28] Kicking the Tires: A Voluntary Path to Pre-deployment AI Vetting | Lawfare — reactive:claude-mythos-capability-regulation
  29. [29] Cyber Lack of Security and AI Governance — Zvi's AI Roundups (2026-05-13)
  30. [30] MCP Tool Poisoning (CVE-2025-54136): A Structural Vulnerability in Agent Context — reactive:ai-security-nexus
  31. [31] 😺 Microsoft: your company is the AI bottleneck — The Neuron (2026-05-11)
  32. [32] MCP Security Notification: Tool Poisoning Attacks — reactive:ai-security-nexus
  33. [33] Poison everywhere: No output from your MCP server is safe — reactive:ai-security-nexus
  34. [34] The TanStack npm supply chain attack (CVE-2026-45321) is wild. — reactive:ai-security-nexus (2026-05-22)
  35. [35] GitHub admits major source code leak after 3800 internal ... - InfoWorld — reactive:ai-security-nexus
  36. [36] GitHub Confirms Breach, 4K Internal Repos Stolen - Dark Reading — reactive:ai-security-nexus
  37. [37] OpenAI caught NPM supply chain chaos after employee devices compromised — reactive:ai-security-nexus (2026-05-16)
  38. [38] OpenAI asks macOS users to update after TanStack npm ... — reactive:ai-security-nexus
  39. [39] TanStack Supply Chain Attack Hits Two OpenAI Employee Devices ... — reactive:ai-security-nexus
  40. [40] AISI: Claude Mythos First AI to Solve 32-Step Cyber Attack Range — reactive:ai-security-nexus
  41. [41] New Claude Mythos becomes the first AI model to clear all cyberattack simulations from Britain's AI safety agency — reactive:ai-security-nexus
  42. [42] Claude Mythos Preview Completes Cyber Range End-to-End — reactive:ai-security-nexus
  43. [43] We conducted cyber evaluations of Claude Mythos Preview and ... — reactive:ai-security-nexus
  44. [44] Claude Mythos Preview becomes the first model to solve both of the ... — reactive:ai-security-nexus
  45. [45] Pre-Deployment AI Evaluation Moves From China's Model To ... — reactive:ai-deployment-misalignment-risk
  46. [46] Center for AI Standards and Innovation (CAISI) | NIST — reactive:ai-security-nexus
  47. [47] Malicious VS code extensions and the new developer supply-chain threat — reactive:ai-security-nexus
  48. [48] Emerging Supply Chain Attack ("Mini Shai-Hulud") Targeting SAP Cloud Application Programming Ecosystem - Onapsis — reactive:ai-security-nexus
  49. [49] Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware | Wiz Blog — reactive:ai-security-nexus
  50. [50] SAP Cloud Build Tool Packaged A Mini Shai-Hulud Malicious Dependency That Uses Bun | Semgrep — reactive:ai-security-nexus
  51. [51] Mini Shai-Hulud: npm Worm Hits SAP Developer Packages | Blog | Endor Labs — reactive:ai-security-nexus
  52. [52] Shai Halud: What is Shai-Hulud? Definition & Explanation of the Self-Replicating npm Worm | Kusari® — reactive:ai-security-nexus
  53. [53] Mini Shai-Hulud npm Worm: Dissecting a Multi-Vector Supply Chain Attack - Upwind — reactive:ai-security-nexus
  54. [54] Mini Shai-Hulud: Multi-Ecosystem Developer Supply Chain Attack – Lab Space — reactive:ai-security-nexus
  55. [55] "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain ... — reactive:ai-security-nexus
  56. [56] The Shai-Hulud 2.0 npm worm: analysis, and what you need to know | Datadog Security Labs — reactive:ai-security-nexus
  57. [57] TeamPCP: Cascading Supply Chain Attack on AI/ML Tooling – Lab Space — reactive:ai-security-nexus
  58. [58] LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP ... — reactive:ai-security-nexus
  59. [59] The Telnyx SDK on PyPI Compromise and the 2026 TeamPCP ... — reactive:ai-security-nexus
  60. [60] No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and ... — reactive:ai-security-nexus
  61. [61] GitHub Breach Linked To Malicious VS Code Extension ... - LinkedIn — reactive:ai-security-nexus
  62. [62] RT @IntCyberDigest: ‼️🚨 This is wild. OpenAI just confirmed it got hit in the TanStack npm supply chain attack, and the ... — reactive:ai-security-nexus (2026-05-23)
  63. [63] GitHub Confirms 3,800-Repo Breach Traced to TanStack npm Supply Chain Worm #cybersecurity #supplychain #GitHub #OpenAI #... — reactive:ai-security-nexus (2026-05-21)
  64. [64] RT @IntCyberDigest: ‼️🚨 This is wild. OpenAI just confirmed it got hit in the TanStack npm supply chain attack, and the ... — reactive:ai-security-nexus (2026-05-21)
  65. [65] OpenAI a publié son retour sur l'attaque supply chain TanStack npm. — reactive:ai-security-nexus (2026-05-20)
  66. [66] 1:10 TanStack/npm Supply Chain Worm Hits 170+ Packages, Reaches OpenAI @tan_stack @tannerlinsley @OpenAI @npm — reactive:ai-security-nexus (2026-05-20)
  67. [67] هجوم supply chain "‌Mini Shai-Hulud" من TeamPCP اخترق 170 حزمة npm وPyPI، بينها @tanstack/react-router بـ 12 مليون تحميل... — reactive:ai-security-nexus (2026-05-19)
  68. [68] Supply chain attacks on npm packages are not a new threat — but watching one hit OpenAI employees via TanStack is a remi... — reactive:ai-security-nexus (2026-05-19)
  69. [69] OpenAI impose une mise à jour macOS après une attaque supply chain ayant touché TanStack, des paquets npm et plusieurs a... — reactive:ai-security-nexus (2026-05-16)
  70. [70] OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack via @knolinfos https://t.co/gORBgXYLpY — reactive:ai-security-nexus (2026-05-16)
  71. [71] 🚨 OPENAI EMPLOYEE DEVICES COMPROMISED — reactive:ai-security-nexus (2026-05-16)
  72. [72] OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack https://t.co/hyRTbyclv2 — reactive:ai-security-nexus (2026-05-16)
  73. [73] TeamPCP vende repo Mistral AI dopo attacco TanStack su OpenAI — reactive:ai-security-nexus (2026-05-18)
  74. [74] TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai ... — reactive:ai-security-nexus
  75. [75] Hackers Put Mistral AI Source Code Up for Sale After Supply Chain Attack — reactive:ai-security-nexus
  76. [76] TeamPCP Claims Sale of Internal Mistral AI Repositories Amid Mini ... — reactive:ai-security-nexus
  77. [77] Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages — reactive:ai-security-nexus
  78. [78] TeamPCP Targets Telnyx Package in Latest Software Supply Chain Attack - Infosecurity Magazine — reactive:ai-security-nexus
  79. [79] Mistral AI among npm, PyPI packages hit by Mini Shai Hulud — reactive:ai-security-nexus
  80. [80] GitHub - ugurrates/teampcp-supply-chain-attack: CVE-2026-33634 (CVSS 9.4) — The most impactful CI/CD supply chain attack of 2026 so far. · GitHub — reactive:ai-security-nexus
  81. [81] VS Code Extension Malware: How TeamPCP Breached GitHub — reactive:ai-security-nexus
  82. [82] TeamPCP breached GitHub's internal codebase via poisoned VS ... — reactive:ai-security-nexus
  83. [83] GitHub Breach May 2026: All You Need to Know | Axipro — reactive:ai-security-nexus
  84. [84] NVD - CVE-2026-33634 — reactive:ai-security-nexus
  85. [85] LiteLLM Supply Chain Attack: What Happened and How to Respond — reactive:ai-security-nexus
  86. [86] Trivy and LiteLLM Supply Chain Incident (CVE-2026-33634) Update — reactive:ai-security-nexus
  87. [87] Security Update: Suspected Supply Chain Incident | liteLLM — reactive:ai-security-nexus
  88. [88] CVE-2026-33634 - CVE Record — reactive:ai-security-nexus
  89. [89] Endor Patches | CVE-2026-33634, Trivy ecosystem supply chain was briefly compromised — reactive:ai-security-nexus
  90. [90] Mini Shai-Hulud Targets SAP npm Packages - Upwind Security — reactive:ai-security-nexus