Crypto Security Report: May 2026
Featuring the Mini Shai-Hulud supply chain attack across npm and PyPI, the first AI prompt injection exploit draining $204K from a live crypto wallet, the Clear Signing initiative contribution, a…
Read the full articleYou might also wanna read
317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.

"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages
A new npm supply chain attack self-branded "Mini Shai-Hulud" compromised four SAP-ecosystem packages on April 29, 2026. Snyk has live adviso

TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
On May 11, 2026, the Mini Shai-Hulud worm compromised 84 npm package artifacts across 42 @tanstack/* packages (as well as @squawk/*, @mistra
Post-Mortem Analysis: How Our Company Was Compromised by the Shai-Hulud 2.0 npm Supply Chain Worm
On November 25th, one of our engineers was compromised by the Shai-Hulud npm supply chain worm. Here's what happened, how we responded, and
Shai-Hulud: Largest npm Supply-Chain Compromise Affecting CrowdStrike and Hundreds of Packages
We are tracking the largest and most dangerous npm supply-chain compromise in history, known as the Shai-Hulud malware campaign, which has n
Injective npm supply chain attack leaks crypto wallet keys
ON July 8, 2026, a supply chain attack targeted the Injective blockchain's npm packages, compromising a trusted developer's account to injec

Comments
Sign in to join the conversation.
No comments yet. Be the first.