Hackers compromised 19 packages on PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft package being among the latest targets of worm-like malware that steals ...
On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source packages, corrupting 84 npm artifacts before anyone noticed. Within hours, the ...
The U.S. pharmaceutical supply chain faces a threat equal to the “rare earths” challenge already posed by China. This report, convened by CFR’s Global Health Program and the China Strategy Initiative, ...
The 2022 Corruption Perceptions Index (CPI) shows that most countries are failing to stop corruption. The CPI ranks 180 countries and territories around the world by their perceived levels of public ...
U.S. Inflation Jumps as Iran War Intensifies Price Squeeze Consumer prices rose at a faster rate for a third-straight month in May, to 4.2 percent annually, as the energy shock put more pressure on ...
The 2023 Corruption Perceptions Index (CPI) shows that corruption is thriving across the world. The CPI ranks 180 countries and territories around the globe by their perceived levels of public sector ...
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID ...
Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...