Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials…

1 / 6

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud'  malware infection — supply-chain campaign spreads across npm and AI developer ecosystems like wildfire

Tom's Hardware·https://www.tomshardware.com/author/etiido-uko·21 days ago

#2qX0YAeM

#microsoft #nvidia #benchmarking #intelarc #mistralai #package

Reading 0:00

15s threshold

(Image credit: Getty Images) Microsoft Threat Intelligence said in an X post on Monday that it is investigating a compromise of the mistralai PyPI package after attackers reportedly injected malicious code that automatically executed on import, downloaded a secondary payload disguised as transformers.pyz, and launched malware on Linux systems — the latest incident researchers believe may be linked to the broader “ Mini Shai-Hulud ” software supply-chain campaign targeting developer ecosystems. According to Microsoft, the compromised mistralai package version 2.4.6 contained malicious code inserted into mistralai/client/__init__.py that silently downloaded a file from a remote IP address to /tmp/transformers.pyz and executed it in the background whenever the package was imported on Linux machines. Microsoft is investigating mistralai PyPI package v2.4.6 compromise.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud'&nbsp; malware infection &mdash; supply-chain campaign spreads across npm and AI developer ecosystems like wildfire

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud' malware infection — supply-chain campaign spreads across npm and AI developer ecosystems like wildfire