Cache-poisoning caper turns TanStack npm packages toxic

theregister·Tim Anderson·20 days ago

Cyber-Crime

Six-minute supply chain blitz pushed 84 malicious versions with credential theft and disk-wiping code

An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host. The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral AI, UiPath, and Guardrails AI.

Malicious npm packages for TanStack, an open source application stack, were published between 19:20 and 19:26 UTC on May 11. The attack was detected and reported within 30 minutes by StepSecurity, triggering incident response and npm deprecation. GitHub published a security advisory at 21:30 UTC, including a list of affected packages.…
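A six-minute publication window is a useful triage handle: a lockfile whose installed versions were all published outside that window did not pull the malicious releases. The script below is an added example, not code from The Register, TanStack, Socket or StepSecurity; it reads a lockfileVersion 2/3 package-lock.json, looks up each @tanstack/* version's publish time in the registry's `time` map (the same data `npm view <pkg> time --json` returns), and flags versions published inside the reported window. The package names, versions and timestamps are constructed sample data, not the real affected list, and the year is not stated on the page, so 2026 is an assumed placeholder.

```python
"""Flag lockfile entries whose installed version was published inside a
reported window (added example; not the page's or any vendor's code).
Sample lockfile and registry data below are constructed for illustration."""
import json
from datetime import datetime, timezone

# Publication window reported for the TanStack packages: 19:20-19:26 UTC, May 11.
# The year is not given on the page; 2026 is an assumed placeholder.
WINDOW_START = datetime(2026, 5, 11, 19, 20, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 5, 11, 19, 26, tzinfo=timezone.utc)

# Constructed package-lock.json (lockfileVersion 3 layout).
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"@tanstack/react-query": "^5.0.0"}},
        "node_modules/@tanstack/react-query": {"version": "5.99.1"},
        "node_modules/@tanstack/query-core": {"version": "5.99.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

# Constructed stand-in for the registry `time` map per package
# (GET https://registry.npmjs.org/<name> returns {"time": {version: iso8601}}).
SAMPLE_REGISTRY_TIMES = {
    "@tanstack/react-query": {"5.99.0": "2026-05-01T10:00:00.000Z",
                              "5.99.1": "2026-05-11T19:23:41.000Z"},
    "@tanstack/query-core": {"5.99.0": "2026-05-01T10:00:00.000Z"},
    "left-pad": {"1.3.0": "2018-04-26T18:54:00.000Z"},
}


def installed_versions(lock_text):
    """Map package name -> installed version from a lockfileVersion 2/3 file."""
    lock = json.loads(lock_text)
    out = {}
    for path, entry in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project, not a dependency
        # Nested installs look like node_modules/a/node_modules/@s/b; keep the last name.
        name = path.rsplit("node_modules/", 1)[-1]
        out[name] = entry.get("version")
    return out


def parse_npm_time(iso):
    """npm publishes times like 2026-05-11T19:23:41.000Z (always UTC)."""
    return datetime.strptime(iso, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def flag_versions_in_window(lock_text, registry_times,
                            start=WINDOW_START, end=WINDOW_END, scope="@tanstack/"):
    """Return [(name, version, published_iso)] for installed packages under
    `scope` whose installed version was published within [start, end]."""
    hits = []
    for name, version in installed_versions(lock_text).items():
        if not name.startswith(scope):
            continue
        published = registry_times.get(name, {}).get(version)
        if published is None:
            continue  # no metadata offline; a live check would fetch it from the registry
        when = parse_npm_time(published)
        if start <= when <= end:
            hits.append((name, version, when.isoformat()))
    return hits


if __name__ == "__main__":
    for name, version, when in flag_versions_in_window(SAMPLE_LOCK, SAMPLE_REGISTRY_TIMES):
        print(f"suspicious: {name}@{version} published {when}")
```

The window check is a quick first pass, not a clean bill of health: it only covers the packages and times that have been reported, and a lockfile that resolves a floating range at install time can still pull a later bad release. Pin to the versions named as safe in the GitHub advisory and compare against its affected list as well.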
