Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Mini Shai-Hulud worm compromises 169 npm packages including TanStack Mistral AI; TeamPCP uses stolen OIDC tokens.
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...
Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Morning Overview on MSN
A supply chain attack called 'Mini Shai-Hulud' poisoned official SAP packages and stole developer credentials through AI coding agent configs
On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...
If you have a JavaScript (*.js) file containing code, it's not unusual for your code to reference code held in another JavaScript file. If you're using more recent versions of Visual Studio, you'll ...
14th May 2026: We added new Type Soul codes. Type Soul is a Roblox game based on the popular anime series Bleach. The experience originally launched around the time that Part 2 of the Thousand Year ...
Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new ...
The helper's sole function is to invoke the browser's IElevator2 COM interface, introduced in Chrome 144, to recover the ...
12th May 2026: We added new Genshin Impact codes. Like a lot of free-to-play games, Genshin Impact has an in-game currency called Primogems that you'll find yourself quickly spending on Wish Items and ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results