Security News Mistral AI among many others compromised!

Khushal · May 12, 2026

TL;DR
A coordinated supply chain attack on May 11, 2026 compromised over 170 npm packages and 2 PyPI packages, totaling 404 malicious versions. The attacker hit the entire TanStack router ecosystem (42 packages), Mistral AI’s SDK suite (on both npm and PyPI), UiPath’s automation tooling (65 packages), OpenSearch (1.3M weekly npm downloads), and Guardrails AI (PyPI). This is one of the largest coordinated registry poisoning events observed in 2026, and the first to span both npm and PyPI in a single campaign.

Affected packages include (full list in appendix):

Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages

Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.

safedep.io

Spiff · May 12, 2026

@Khushal,
Is there any reason to post the subject line in all caps?

Khushal · May 12, 2026

Spiff said:
@Khushal,
Is there any reason to post the subject line in all caps?

No it was just to grab attention albeit it can be an eyesore for some!

The_King · May 12, 2026

Khushal said:
No it was just to grab attention albeit it can be an eyesore for some!

Personally, I find all-caps easier to read, but I know it can be a bit polarizing for some people. It’s never bothered me, but it’s probably worth checking the forum rules to see if they have specific guidelines for headings.

Also, with the rise in supply chain attacks, I’ve actually started hesitating to update anything lately.

Spiff · May 12, 2026

The_King said:
it’s probably worth checking the forum rules to see if they have specific guidelines for headings.

Not specific for headers, but the forum rules state:
Important Notes
Other general rules include:
Excessive text formatting (bold, caps, font size) is not allowed. Use text formatting to highlight short passages only.

Regardless of whether it is allowed or not, netiquette says it is better not to use all caps. It is frowned upon.

lokamoka820 · May 12, 2026

@Spiff
If I understand correctly the issue of writing the subject title in capital letters, you might use the new theme, as it uses capital letters by default. Here is the subject title in both themes:

New theme:

Screenshot 2026-05-12 at 17-21-02 Security News - Mistral AI among many others compromised! Ma...png

Old theme:

Screenshot 2026-05-12 at 17-21-44 Security News - Mistral AI among many others compromised! Ma...png

harlan4096 · May 12, 2026

I edited

Search

Search

Security News Mistral AI among many others compromised!

Khushal

Level 15

Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages

Spiff

Level 2

Khushal

Level 15

The_King

Level 12

Spiff

Level 2

lokamoka820

Level 46

harlan4096

Super Moderator

You may also like...