TL;DR
Recent attacks compromised Mistral AI and TanStack packages, injecting malicious code that may have exposed developer credentials and infrastructure. Authorities are investigating, and affected organizations are advised to act quickly.
Microsoft Threat Intelligence confirmed that attackers compromised the mistralai PyPI package, injecting malicious code that downloads and executes malware on Linux systems, in what appears to be part of a broader supply chain attack targeting developer ecosystems.
On May 12, 2026, Microsoft disclosed that the mistralai Python package version 2.4.6 contained malicious code within its __init__.py file, which silently downloaded a secondary payload from a remote IP address and executed it on Linux systems. The payload, disguised as transformers.pyz, is believed to be part of a larger campaign linked to the ongoing ‘Mini Shai-Hulud’ supply chain attack, which has also targeted popular JavaScript packages from the TanStack ecosystem.
Security firm Aikido reported that multiple packages, including @tanstack/react-router, @tanstack/history, and @tanstack/router-core, had been compromised in two attack waves, beginning around 19:20 UTC. These packages are used extensively in web development and have tens of millions of downloads weekly. Additionally, several Mistral npm SDK packages, such as @mistralai/mistralai, @mistralai/mistralai-azure, and @mistralai/mistralai-gcp, were also affected.
Why It Matters
This incident underscores the growing threat of supply chain attacks targeting developer tools and dependencies, which can lead to widespread exposure of sensitive credentials such as GitHub tokens, cloud API keys, and CI/CD secrets. The compromise of trusted packages can enable attackers to infiltrate large-scale applications, cloud environments, and enterprise networks, increasing the risk of data breaches, credential theft, and further malware distribution.
Thetis Nano-A FIDO2 Security Key Hardware Passkey Device with USB Type A, TOTP/HOTP, FIDO2.0 Two Factor Authentication 2FA MFA, Works with Windows/mac/iOS/Android/Linux/Gmail/Facebook/GitHub/Coinbase
Ultra-Compact FIDO2 Security Key – Plug-and-stay or carry on a keychain. This USB-A hardware security key offers portable,…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Recent years have seen an increase in supply chain attacks, including high-profile incidents like SolarWinds and the event-stream npm compromise. The current wave appears to focus on AI tooling, cloud SDKs, and frontend frameworks, with attackers aiming to steal credentials and gain persistent access to developer environments. Microsoft has not officially linked the PyPI attack to the Mini Shai-Hulud campaign but notes similarities in attack patterns, including staged payload downloads and credential theft.
“The malicious code in mistralai silently downloads and executes secondary payloads on Linux systems, indicating a targeted and sophisticated supply chain attack.”
— Microsoft Threat Intelligence
“The compromised TanStack packages are part of a broader attack campaign that also affected Mistral SDKs, emphasizing the scale and coordination of this supply chain breach.”
— Aikido Security
credential management tools for developers
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It remains unclear whether the PyPI compromise is directly linked to the Mini Shai-Hulud campaign or if other threat actors are involved. The full extent of credential exposure and the number of affected organizations are still under investigation, and additional compromised packages may be identified as security teams continue audits.
Meyerascal White Cloud Magnetic Key Holder for Wall, Strong Magnetic to Securely Hang Multiple Keys and Keychain, Novelty Cute Home Decorations, Easy to Install and Convenient to Use. (White)
【Safe Materrial】Made of ABS (plastic), which has higher strength and toughness than general plastics, built-in magnetic strong magnet,…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Authorities and security researchers will continue analyzing the attack vectors and malicious payloads. Organizations are advised to isolate affected Linux hosts, rotate all potentially exposed credentials, and monitor for indicators such as /tmp/transformers.pyz. Further updates on the scope and impact are expected as investigations progress.
IoT Supply Chain Security Risk Analysis and Mitigation: Modeling, Computations, and Software Tools (SpringerBriefs in Computer Science)
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What packages were affected by the attack?
Confirmed affected packages include mistralai PyPI v2.4.6, as well as several TanStack JavaScript packages like @tanstack/react-router, @tanstack/history, and @tanstack/router-core. Mistral SDK packages on npm were also compromised.
What are the main risks from this compromise?
The primary risks include credential theft (GitHub tokens, cloud keys), malware propagation, and potential access to enterprise systems. The malicious code downloads secondary payloads that can execute on Linux systems, which are common in cloud and server environments.
What should affected organizations do now?
Organizations should immediately rotate all exposed credentials, isolate compromised Linux hosts, block outbound connections to malicious IPs, and search for indicators like /tmp/transformers.pyz. Continued monitoring and security audits are recommended.
Is this attack linked to other recent supply chain breaches?
While Microsoft has not officially confirmed a direct link to the Mini Shai-Hulud campaign, similarities in attack techniques suggest a possible connection. The broader context indicates a rising trend of targeting developer infrastructure.
