{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreib6cv6jcikz6n7cvnnshb32e5veu7y4caygsrn2eog6xqna45alce",
    "uri": "at://did:plc:ajcrkmnlj6rxdk7rltijv227/app.bsky.feed.post/3mlnw6bduoga2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreibp3aojkpmslbyeydyh52pym3p26ead6h42vvm7pdnpajtus2h2uu"
    },
    "mimeType": "image/jpeg",
    "size": 183664
  },
  "path": "/tech-industry/cyber-security/compromised-mistral-ai-and-tanstack-packages-may-have-exposed-github-cloud-and-ci-cd-credentials-in-mini-shai-hulud-malware-infection-supply-chain-campaign-spreads-across-npm-and-ai-developer-ecosystems-like-wildfire",
  "publishedAt": "2026-05-12T11:53:04.000Z",
  "site": "https://www.tomshardware.com",
  "tags": [
    "Cybersecurity",
    "Tech Industry"
  ],
  "textContent": "Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link related npm compromises affecting TanStack and Mistral SDKs to the broader “Mini Shai-Hulud” supply-chain campaign.",
  "title": "Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud' malware infection — supply-chain campaign spreads across npm and AI developer ecosystems like wildfire"
}