The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
InfoWorld

10 tips for getting better R code from your AI coding agent

With the proper setup and guidance, you can have Claude Code, Codex, Posit Assistant, and other coding agents writing R code ...
Hosted on MSN

The TanStack supply chain attack poisoned 160 npm and PyPI packages — reaching OpenAI, Mistral AI, and UiPath through compromised build pipelines

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source packages, corrupting 84 npm artifacts before anyone noticed. Within hours, the ...
GitHub

Zero-dependency CLI scanner for npm and PyPI supply chain compromises.

On May 11, 2026, a self-propagating supply chain worm dubbed Mini Shai-Hulud (CVE-2026-45321, GHSA-g7cv-rxg3-hmpx) compromised the npm ecosystem. Attributed to TeamPCP (aka DeadCatx3, PCPcat, ...
Mint

OpenAI says no user data stolen after supply-chain hackers accessed employee devices

OpenAI has said it found no evidence that user data was accessed following a security issue linked to a supply-chain attack involving the open-source TanStack npm library. The company said in a ...
LinkedIn

Mini Shai-Hulud: The npm Worm Hitting TanStack, Mistral AI, and UiPath. What You Need to Know

On May 11, 2026, at 19:20 UTC, something happened in the npm ecosystem that the security industry has been warning about for years. And almost nobody was prepared for. In six minutes, 84 malicious ...
Security Boulevard

Mini Shai-Hulud Is Back: 172 npm and PyPI Packages Compromised in Latest Wave

The post Mini Shai-Hulud Is Back: 172 npm and PyPI Packages Compromised in Latest Wave appeared first on Mend. This is a continuation of the original Shai-Hulud campaign that first targeted SAP CAP ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 packages across multiple high-profile NPM and PyPI projects were compromised in a new, coordinated Mini Shai-Hulud software supply chain attack. The campaign hit 42 TanStack packages, 65 ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as ...
Yahoo Finance

UiPath’s Q4 Earnings Call: Our Top 5 Analyst Questions

UiPath’s fourth quarter results surpassed Wall Street’s revenue and non-GAAP profit expectations, but the market responded negatively as concerns emerged around the sustainability of growth and the ...
Investing

Earnings call transcript: UiPath Q4 2026 sees revenue beat despite EPS miss

I will now hand the call over to Daniel Dines. Daniel Dines, Chief Executive Officer, UiPath: Hello, everyone. Thank you for coming back after our outage with the service provider for our investor ...