ADVERTISEMENT

Hundreds of open-source packages, including TanStack and Mistral, compromised in fresh wave of supply chain attacks

Hundreds of malicious packages are being flagged in NPM and PYPI repositories, including those from TanStack and Mistral, which are hugely popular. A broad hacking campaign is targeting millions of developers: malware steals credentials and wipes all data when it’s done.

npm package compromise

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
May 12, 2026 Updated: 13 May 2026 4 min read

Listen to this article

0:00
0:00
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

The compromise was identified in minutes

Who’s behind the attacks?

ADVERTISEMENT

What is the malware capable of?

How to protect yourself?


ADVERTISEMENT