TI Mindmap HUB
Threat Intelligence Report

Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised

📅 May 12, 2026 📰 www.wiz.io 🔍 0 CVE(s) referenced

A sophisticated supply chain attack by TeamPCP has compromised dozens of npm and PyPI packages—including TanStack and UiPath—deploying a credential-stealing worm that spreads across developer ecosystems, installs destructive persistence, and exfiltrates secrets via resilient, multi-channel C2 infrastructure.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap
🎯 IOC Extraction
⚔️ MITRE ATT&CK TTPs
📦 STIX 2.1 Bundle