SITREP: A supply-chain attack has been identified involving the malicious TanStack and Mistral npm packages, which have compromised hundreds of packages on npm and PyPI. This campaign is delivering credential-stealing malware specifically targeting developers.

TACTICAL ASSESSMENT: The attack highlights vulnerabilities in software supply chains, posing significant risks to developers and organizations relying on these packages. Strategically, this could lead to increased scrutiny and potential regulatory actions regarding software security practices.

PROJECTED VECTORS: Future attacks may escalate as threat actors exploit additional vulnerabilities in widely used software packages.