Real-time global intelligence

For informational and entertainment purposes only. Not investment advice.

Platform

Brief
Signals
Countries
Companies
Industries
Themes
Scenarios
Rankings

Tools

Globe
Analytics
Crises
Clusters
Supply Chain
Alliances
Screener
Watchlist
Portfolio

Developer

API Reference
Developer Keys
Webhooks
Status

Sources

View all sources →

1,000+ tracked sources

Signals updated every 15 minutes

Not investment advice. OpenWatch is provided for informational and entertainment purposes only. While we strive for accuracy, precision, and source attribution in all intelligence assessments, geopolitical analysis involves inherent uncertainty and our conclusions may be incomplete, delayed, or incorrect. Nothing on this platform constitutes financial, investment, legal, or professional advice of any kind. Forward-looking scenarios and probability estimates are analytical hypotheses — not independently validated forecasts. Any actions taken based on information found here are solely your responsibility. Always consult a qualified financial advisor before making investment decisions. Past signal patterns do not guarantee future outcomes.

Methodology
Privacy Policy
Terms of Use

openwatch.io

v·6517515

OpenWatch

Signal Search

Search across all ingested intelligence signals. Supports websearch syntax: AND OR "exact phrase" -exclude

Keywords

Threat Layer

Military Cyber Economic Disaster Political Criminal Health Supply Chain

Signal Type

Any Crisis Update Resolution

Region

Country

Min. Severity

Any ≥ 3 ≥ 5 ≥ 7 ≥ 9

Date Range

Clear all filters

Sort by

Severity Newest

↓Export CSV (requires API key)

4 results for "the Mini Shai-Hulud"

Page 1 of 1

MilitaryCrisis🇺🇸United States4d ago

Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. "The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly

4.5/10·The Hacker News

Primary Source ↗Details →

Military

Crisis

🇺🇸United States

11d ago

TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file ("router_init.js") that's designed to profile the execution

3.9/10·The Hacker News

Primary Source ↗Details →

MilitaryCrisis🇲🇱Mali8d ago

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. "Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to

3.5/10·The Hacker News·Mali

Primary Source ↗Details →

CyberUpdate🇺🇸United States4d ago

Since the last update , the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new self-spreading Mini Shai-Hulud worm across npm and PyPI. 

3.1/10·SANS Internet Storm Center

Primary Source ↗Details →