Summary
A massive supply chain attack named Mini Shai-Hulud compromised over 320 npm packages, including the @antv ecosystem, to steal cloud credentials and CI/CD secrets. The malware uses worm-like propagation and remote execution to impact millions of downstream users and development environments.
Take Action:
If your project uses any @antv packages, echarts-for-react, size-sensor, timeago.js, or other affected libraries, immediately audit installs from May 19, 2026 onward, rotate all developer and CI/CD credentials (GitHub, npm, AWS, Kubernetes, Vault, SSH, Docker, database), and block outbound traffic to t[.]m-kosche[.]com. Going forward, pin exact package versions, run installs with --ignore-scripts, and check for unexpected GitHub repos under developer accounts.
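One way to start the audit, as an added example that is not from the original article: a Node.js check that walks a lockfileVersion 2/3 `package-lock.json` for the packages named above, lists entries that declare install scripts, and reports `package.json` ranges that are not pinned to an exact version. The sample lockfile, its version numbers and the `native-thing` package are constructed; the article does not list affected versions, so a match means "review this install", not "compromised".

```javascript
// Added example. Names come from the advisory text, which says the list is not exhaustive.
const NAMED = [/^@antv\//, /^echarts-for-react$/, /^size-sensor$/, /^timeago\.js$/];

// Lockfile keys look like "node_modules/a/node_modules/@scope/b"; keep the last package name.
function nameFromLockKey(key) {
  const i = key.lastIndexOf('node_modules/');
  return i === -1 ? key : key.slice(i + 'node_modules/'.length);
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json (already parsed).
function auditLock(lock) {
  const named = [], installScripts = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === '') continue; // root project entry
    const id = `${nameFromLockKey(key)}@${meta.version}`;
    if (NAMED.some((re) => re.test(nameFromLockKey(key)))) named.push(id);
    if (meta.hasInstallScript) installScripts.push(id); // would run code on install
  }
  return { named, installScripts };
}

// Report package.json dependencies that are a range or tag, not one exact version.
function unpinned(pkg) {
  const exact = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
  const out = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (!exact.test(range)) out.push(`${name}@${range}`);
    }
  }
  return out;
}

// Constructed sample data; every version number here is made up for the demo.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/@antv/g2': { version: '0.0.1' },
  'node_modules/echarts-for-react': { version: '0.0.2' },
  'node_modules/echarts-for-react/node_modules/size-sensor': { version: '0.0.3' },
  'node_modules/native-thing': { version: '0.0.4', hasInstallScript: true },
  'node_modules/left-pad': { version: '0.0.5' },
} };
const samplePkg = { dependencies: { '@antv/g2': '^0.0.1', 'left-pad': '0.0.5' },
                    devDependencies: { 'native-thing': '~0.0.4' } };

console.log(auditLock(sampleLock), unpinned(samplePkg));
```

For a real project, pass the parsed contents of `package-lock.json` and `package.json` to `auditLock` and `unpinned` in place of the sample objects.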
This article was originally published on BeyondMachines