Cache-poisoning caper turns TanStack npm packages toxic


An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host.

The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral AI, UiPath, and Guardrails AI.

Read more…
Source:  The Register News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Critical Strapi Vulnerability Allows RCE via Server-Side Template Injection

    March 27, 2025

    SonicWall Capture Labs threat research team became aware of the threat CVE-2023-22621, assessed its impact and developed mitigation measures for this vulnerability. CVE-2023-22621 is a high-severity vulnerability affecting Strapi versions 3.0.0 through 4.5.5. The flaw permits authenticated Server-Side Template Injection (SSTI), allowing a remote attacker with access to the Strapi admin panel to bypass validation checks ...

  • Ukraine state railway says online services partially restored after cyber attack

    March 27, 2025

    Ukraine’s state-owned railway Ukrzaliznytsia, the country’s largest carrier, has partially restored online services after a large-scale cyber attack hit passenger and freight transport systems, the company said on Thursday. An outage was first reported on Sunday when the rail company notified passengers about a failure in its IT system and told them to buy tickets on ...

  • UK MoD probes security breach after documents relating to Catterick Garrison found dumped in street

    March 26, 2025

    The Ministry of Defence is investigating after a cache of documents containing sensitive military information was found discarded in the street. The papers, some marked “official – sensitive”, were discovered spilling out of a black bin bag in the Scotswood area of Newcastle on March 16 . The BBC reported that they include details about soldiers’ ...

  • UK supermarket Morrisons’ sales growth slows after cyber attack

    March 26, 2025

    British supermarket group Morrisons’ sales growth slowed in its first quarter, reflecting a previously flagged cyber attack at its technology provider which disrupted its operations. The UK’s fifth largest grocer, which has been owned by U.S. private equity firm Clayton, Dubilier & Rice since 2021, said on Wednesday its like-for-like sales rose 2.1% in its quarter ...

  • Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

    March 25, 2025

    In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious ...

  • KLIA operations not affected after Malaysian airport hit by cyber attack

    March 25, 2025

    Operations at the Kuala Lumpur International Airport (KLIA) were not affected by a cyber attack by hackers who demanded US$10 million (S$13.4 million). In a joint statement on March 25, the National Cyber Security Agency (Nacsa) and Malaysia Airports Holdings Berhad (MAHB) said they detected a cyber-security threat affecting certain computer systems at KLIA on March ...