InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages and published 84 malicious package versions in just six minutes, exposing ...
Bleeping Computer

Grafana breach caused by missed token rotation after TanStack attack

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. In the ongoing Shai-Hulud ...
Bleeping Computer

GitHub links repo breach to TanStack npm supply-chain attack

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.
Infosecurity-magazine.com

Grafana Labs Says Code Breach Stemmed from TanStack Attack

A popular developer of open source analytics software has revealed that a recent data breach and extortion incident was caused by the Mini Shai-Hulud campaign which compromised TanStack packages.
Searchenginejournal.com

Microsoft Clarity Now Shows Grounding Queries Behind AI Citations

When Microsoft Clarity made AI citations available to all users, it opened up a new playground for SEOs to harvest AI visibility data. Finally, we can see the exact “grounding queries” an AI engine ...