Six minute supply chain blitz pushed 84 malicious versions with credential theft and disk wiping code An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self propagation, and complete disk wipe of an infected host. The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai Hulud campaign .Supply chain security company Socket reports that other compromised packages include the OpenSearch...
