TeamPCP's Mini Shai-Hulud: The Developer Supply Chain Worm That Hit GitHub, OpenAI, and Mistral — Then Went Public
The Mini Shai-Hulud npm worm has expanded well beyond the initial TanStack compromise to breach GitHub's internal infrastructure, compromise devices at OpenAI and Mistral AI, and poison 600+ packages across 16 million weekly downloads — before its authors open-sourced it on BreachForums.