SlowMist|5月 22, 2026 09:04
We combed through the full attack chain behind the Shai-Hulud / Mini Shai-Hulud supply chain attacks since May 2026.
From the collapse of TanStack’s CI/CD trust boundary, to the malicious Nx Console VS Code extension, and later the @antv, PyPI durabletask, and GitHub internal private repository breach incidents, the attackers completed coordinated lateral expansion across npm, PyPI, IDE extensions, and cloud environments within roughly a week.
⚠️This was not a series of isolated incidents, but a mature attack pipeline built around “trusted release channels → credential harvesting → lateral propagation.”
Read the full analysis and incident breakdown 🔎
https://slowmist.medium.com/black-may-serial-attacks-the-full-story-of-the-github-breach-6aec92911446(SlowMist)
Share To
HotFlash
APP
X
Telegram
CopyLink