
Major Malware Attack Hits Hundreds of Open-Source Software Packages

Massive cyberattack "mini Shai-Hulud" targets popular open-source packages, stealing cloud credentials and exposing software vulnerabilities.
Content Team

A massive cyberattack called "mini Shai-Hulud" infected hundreds of popular open-source software packages, including TanStack's React Router with over 12 million weekly downloads. The malware, created by cybercriminal group TeamPCP, steals credentials from cloud services like AWS and Google Cloud by hijacking automated publishing systems.

The attack bypassed two-factor authentication and carried valid digital signatures, making it nearly undetectable. The malware embeds itself in developer tools like Visual Studio Code and disguises stolen data as anonymous messaging traffic through the Session app.

Security experts urge anyone who downloaded affected packages on Monday to immediately change all cloud, server, and developer credentials. The incident exposes critical vulnerabilities in how the software industry consumes open-source code.

Source: CyberScoop
