https://cybercrime.club/tags/tanstack/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usTue, 12 May 2026 23:08:45 -0400https://cybercrime.club/posts/mini-shai-hulud-wave4-tanstack-oidc-slsa-provenance-bypass-cve-2026-45321/Tue, 12 May 2026 23:08:45 -0400https://cybercrime.club/posts/mini-shai-hulud-wave4-tanstack-oidc-slsa-provenance-bypass-cve-2026-45321/TeamPCP's fourth Mini Shai-Hulud wave compromised 42 TanStack packages, the Mistral AI SDK, UiPath, OpenSearch, and Guardrails AI by stealing OIDC tokens out of a GitHub Actions runner's process memory — and shipped malicious versions with valid SLSA Build Level 3 provenance attestations.supply-chain