Question is in the subject, but to reiterate, how concerned should we be about the latest supply chain attack methods like Mini Shai-Hulud?
Software that "includes" or "imports" many external libraries of unknown provenance seems to be at very heightened risk now that the supply chain itself is being compromised.
Should we be worried about OPNsense?
-- From Brave AI --
Mini Shai-Hulud is a self-propagating supply chain worm campaign attributed to the cybercriminal group TeamPCP (also tracked as UNC6780), which emerged in April 2026 as the fourth generation of the Shai-Hulud malware family. The attack targets the npm and PyPI ecosystems, compromising over 170 packages by leveraging CI/CD trust relationships to steal developer and cloud credentials.
The malware operates by injecting malicious code into trusted packages, such as those in the SAP Cloud Application Programming Model, TanStack, and Mistral AI ecosystems. It uses a two-stage payload that downloads the Bun JavaScript runtime to execute obfuscated code, harvesting tokens from GitHub, AWS, Azure, Google Cloud, and Kubernetes. The stolen data is exfiltrated via encrypted commits to public GitHub repositories or through the anonymous messaging app Session.
Key characteristics of the campaign include:
SLSA Provenance Forgery: Mini Shai-Hulud compromised packages with valid SLSA Build Level 3 attestations, proving that process integrity controls can be defeated.
OIDC Token Extraction: The worm extracts OpenID Connect tokens directly from GitHub Actions runner memory to gain publish credentials without needing stolen passwords.
Persistence: It embeds itself into developer tooling configuration files, such as VS Code and Claude Code, to maintain access to workstations.
High-Profile Impact: The attack affected organizations including OpenAI, Mistral AI, and GitHub, with OpenAI confirming limited credential exfiltration from internal source code repositories.
Mitigation: Security experts recommend rotating all cloud and developer credentials, auditing CI/CD pipelines for unauthorized access, and reviewing package lockfiles for suspicious changes.
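
The lockfile review mentioned in the mitigation line can be partly automated. The following is an added example, not part of the original post or of OPNsense: a Node.js check that compares two versions of a package-lock.json (lockfileVersion 2 or 3) and flags entries worth a manual look. The function names, package names, hashes and hosts are constructed for illustration.

```javascript
// Added example: diff two package-lock.json objects and report risky changes.
// All package names, hashes and URLs below are constructed sample data.
function hostOf(resolved) {
  try { return new URL(resolved).host; } catch { return null; }
}

function auditLockfileChange(oldLock, newLock) {
  const before = oldLock.packages || {};
  const after = newLock.packages || {};
  const findings = [];
  for (const [path, pkg] of Object.entries(after)) {
    if (path === "") continue; // "" is the root project entry
    const prev = before[path];
    if (!prev) {
      // New dependency that runs code at install time.
      if (pkg.hasInstallScript) findings.push({ path, kind: "new-with-install-script" });
      continue;
    }
    // A published version is immutable: same version, different hash means swapped content.
    if (prev.version === pkg.version && prev.integrity !== pkg.integrity)
      findings.push({ path, kind: "integrity-changed-same-version" });
    // Tarball now fetched from a different host than before.
    if (hostOf(prev.resolved) !== hostOf(pkg.resolved))
      findings.push({ path, kind: "registry-host-changed" });
    // An update that introduces install-time scripts.
    if (!prev.hasInstallScript && pkg.hasInstallScript)
      findings.push({ path, kind: "install-script-added" });
  }
  return findings;
}

const NPM = "https://registry.npmjs.org/";
const OLD_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/left-util": { version: "1.2.0", integrity: "sha512-CONSTRUCTED-OLD",
    resolved: NPM + "left-util/-/left-util-1.2.0.tgz" },
  "node_modules/fmt-lib": { version: "2.0.0", integrity: "sha512-CONSTRUCTED-A",
    resolved: NPM + "fmt-lib/-/fmt-lib-2.0.0.tgz" } } };
const NEW_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/left-util": { version: "1.2.0", integrity: "sha512-CONSTRUCTED-NEW",
    resolved: NPM + "left-util/-/left-util-1.2.0.tgz" },
  "node_modules/fmt-lib": { version: "2.0.1", integrity: "sha512-CONSTRUCTED-B",
    resolved: "https://mirror.example.test/fmt-lib-2.0.1.tgz", hasInstallScript: true },
  "node_modules/helper-x": { version: "0.1.0", integrity: "sha512-CONSTRUCTED-C",
    resolved: NPM + "helper-x/-/helper-x-0.1.0.tgz", hasInstallScript: true },
  "node_modules/tiny-dep": { version: "3.0.0", integrity: "sha512-CONSTRUCTED-D",
    resolved: NPM + "tiny-dep/-/tiny-dep-3.0.0.tgz" } } };

console.log(auditLockfileChange(OLD_LOCK, NEW_LOCK));
```

In practice the two inputs would be the lockfile parsed from the previous commit and from the proposed change, with any finding blocking the merge until someone has looked at it.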