Mini Shai-Hulud Supply Chain Attack: @tanstack/react-router npm Packages Compromised
TeamPCP's Mini Shai-Hulud campaign published 84 malicious versions across 42 @tanstack npm packages on May 11, 2026, including @tanstack/react-router. The self-propagating worm stole credentials via OIDC memory extraction, poisoned GitHub Actions caches, and carried valid SLSA Build Level 3 provenance. Here is the full technical breakdown.