## TeamPCP's Mini Shai-Hulud Campaign Infiltrates TanStack, Mistral AI, UiPath, OpenSearch and Guardrails AI in Coordinated Supply Chain Attack
A threat actor identified as TeamPCP has launched a sophisticated supply chain attack campaign, dubbed "Mini Shai-Hulud," targeting npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI. The campaign represents a significant escalation in the actor's ongoing campaign against software development infrastructure. Security researchers have linked this fresh wave of compromises to previous attacks attributed to the same threat actor, suggesting a systematic and persistent effort to infiltrate open-source package ecosystems.

The affected npm packages were modified to include an obfuscated JavaScript file named "router_init.js," which is designed to profile the execution environment of systems running the compromised code. This malware component functions as a worm-like loader, capable of spreading within developer environments and harvesting information about the systems it infects. The targeting of development tools and AI infrastructure packages indicates a strategic focus on compromising the software supply chain at its source, potentially giving the attackers access to a wide range of downstream applications and data.

The scope of this campaign raises serious concerns for organizations relying on these widely-used packages. TanStack, a popular suite of web development libraries, and Mistral AI, a leading AI infrastructure provider, represent high-value targets whose compromise could expose sensitive data across numerous applications. Guardrails AI and OpenSearch, both critical components in enterprise AI and search infrastructure, further expand the potential blast radius. Security teams are urged to audit their dependency trees immediately and verify the integrity of any recently updated packages from these sources.
---
- **Source**: The Hacker News Echo RSS
- **Sector**: The Lab
- **Tags**: supply-chain-attack, npm, PyPI, malware, open-source-security
- **Credibility**: unverified
- **Published**: 2026-05-12 09:48:22
- **ID**: 82159
- **URL**: https://whisperx.ai/en/intel/82159