Ihor Vyshnevskyi, That's Life
12 May 2026, 13:12
TanStack hit by a supply-chain attack: infected versions went straight to the npm registry. What the consequences are and what to do
Unknown attackers compromised TanStack: a chain of weaknesses in the project's GitHub Actions workflows was exploited, and infected package versions were published directly to the npm registry.
According to DOU, 42 packages in the ecosystem were compromised at once, with 84 malicious versions released.
The attack reportedly bypassed the standard safeguards: the attackers created a disguised fork of the TanStack/router repository and opened a pull request against it.
"Due to the use of a vulnerable pull_request_target trigger in the bundle-size.yml configuration file, the malicious code was automatically executed on GitHub servers without any manual approval from maintainers," the DOU report states.
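To make the trigger problem concrete, here is an added example that is not code from TanStack or from DOU's report: a script that scans GitHub Actions workflow files for the dangerous combination of a `pull_request_target` trigger (the job runs in the base repository's context, with its secrets and a write-capable GITHUB_TOKEN), a checkout of the pull request head, and a step that executes code from that checkout. The two embedded workflows are constructed illustrations of the pattern and of its fix, not TanStack's actual bundle-size.yml; the regexes, file names and the `audit_repo` layout are my assumptions.

```python
"""Audit GitHub Actions workflow files for the pull_request_target pattern.

Added example; it is not code from TanStack or from the article. The check
looks for the combination described above: a `pull_request_target` trigger,
a checkout of the pull request's head, and a step that executes code from
the checked-out tree. The two workflow texts are constructed illustrations
of that pattern, not TanStack's real bundle-size.yml.
"""
import re
import sys
from dataclasses import dataclass
from pathlib import Path

# Constructed: a minimal workflow with the dangerous combination.
VULNERABLE_WORKFLOW = """\
name: bundle-size
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  size:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The fork's commit is checked out, but the job still runs
          # with the base repo's secrets and a write-scoped token.
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci         # lifecycle scripts come from the PR
      - run: npm run build  # build scripts come from the PR
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# Constructed: the same job on the unprivileged trigger.
HARDENED_WORKFLOW = """\
name: bundle-size
on:
  pull_request:             # fork PRs get no secrets and a read-only token
jobs:
  size:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - run: npm ci --ignore-scripts
      - run: npm run build
      # Anything needing secrets (commenting, publishing) belongs in a
      # separate workflow_run job that never executes PR-controlled code.
"""

# `pull_request_target` as a trigger key or list item under `on:`.
PRIVILEGED_TRIGGER = re.compile(r"^\s*(-\s*)?pull_request_target\b", re.M)
# Expressions that point actions/checkout at the untrusted PR head.
PR_HEAD_CHECKOUT = re.compile(
    r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref"
)
# `run:` steps that execute package-manager or script code from the tree.
RUNS_REPO_CODE = re.compile(
    r"^\s*-?\s*run:.*\b(npm|pnpm|yarn|bun|npx|node|make|bash|sh)\b", re.M
)


@dataclass(frozen=True)
class Finding:
    privileged_trigger: bool
    checks_out_pr_head: bool
    runs_repo_code: bool

    @property
    def vulnerable(self) -> bool:
        # All three together let a fork's commit run with the base
        # repository's secrets, which is the condition to flag.
        return (self.privileged_trigger and self.checks_out_pr_head
                and self.runs_repo_code)


def audit_workflow(text: str) -> Finding:
    """Heuristic text scan of one workflow file (no YAML parser needed)."""
    return Finding(
        privileged_trigger=bool(PRIVILEGED_TRIGGER.search(text)),
        checks_out_pr_head=bool(PR_HEAD_CHECKOUT.search(text)),
        runs_repo_code=bool(RUNS_REPO_CODE.search(text)),
    )


def audit_repo(root: Path) -> dict:
    """Map workflow path -> Finding for every workflow under a repo root."""
    files = list((root / ".github" / "workflows").glob("*.y*ml"))
    return {str(p): audit_workflow(p.read_text()) for p in files}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, f in audit_repo(Path(sys.argv[1])).items():
            print(("VULNERABLE " if f.vulnerable else "ok         ") + path)
    else:
        print("constructed vulnerable:", audit_workflow(VULNERABLE_WORKFLOW))
        print("constructed hardened:  ", audit_workflow(HARDENED_WORKFLOW))
```

Run it with a checked-out repository path to list every workflow that matches all three conditions. The hardened variant still runs the PR's build, but on the `pull_request` trigger, where fork PRs receive no secrets and only a read-only token; if the job genuinely needs a privileged step (posting a bundle-size comment, publishing), the usual pattern is to split it into an unprivileged `pull_request` job that uploads an artifact and a `workflow_run` job that consumes the artifact without ever checking out or executing PR-controlled code.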
The stolen data was exfiltrated through the file-upload network of the decentralized messenger Session (domains filev2.getsession.org and seed.getsession.org).
Because that traffic is end-to-end encrypted and there is no single command-and-control server to cut off, it is almost impossible to block by IP address with classic methods; blocking or alerting on those two domain names at the DNS or proxy level is the more practical control.
Anyone who installed any package from the @tanstack/* family yesterday is advised to check their dependencies; the query, table, form, virtual, and store packages are reported to have remained clean.
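As an added example of the check recommended above (not code from TanStack or from the article), the script below reads a project's package-lock.json, lists every installed @tanstack/* package with its versions, and separates the families the article reports as clean from those that still have to be compared against the official list of affected versions, which this page does not reproduce. The embedded lockfile is constructed, with placeholder versions; the family keywords and the token-based family matching are my assumptions.

```python
"""List installed @tanstack/* packages from package-lock.json for triage.

Added example; not code from TanStack or the article. Supports
lockfileVersion 2/3 (flat `packages` map keyed by install path) and the
older v1 nested `dependencies` tree. Packages in the families the article
reports as clean (query, table, form, virtual, store) are listed separately
from those that still need checking against the official affected list.
"""
import json
import sys
from pathlib import Path

# Assumption: family membership is decided by a hyphen-separated token of
# the package name, so @tanstack/react-query and @tanstack/query-core are
# both "query", while @tanstack/react-router-devtools is not in any family.
CLEAN_FAMILIES = {"query", "table", "form", "virtual", "store"}

# Constructed lockfile with placeholder versions (not real release numbers).
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.0.0"},
        "node_modules/@tanstack/react-router": {"version": "0.0.0-demo"},
        "node_modules/@tanstack/router-core": {"version": "0.0.0-demo"},
        "node_modules/@tanstack/react-query": {"version": "0.0.0-demo"},
        "node_modules/@tanstack/query-core": {"version": "0.0.0-demo"},
        "node_modules/react": {"version": "0.0.0-demo"},
        # A nested copy installed under another dependency.
        "node_modules/some-lib/node_modules/@tanstack/store": {
            "version": "0.0.0-demo"
        },
    },
}


def family_tokens(name: str) -> set:
    # "@tanstack/react-query-devtools" -> {"react", "query", "devtools"}
    return set(name.split("/", 1)[1].split("-"))


def is_clean_family(name: str) -> bool:
    return bool(family_tokens(name) & CLEAN_FAMILIES)


def tanstack_packages(lock: dict) -> dict:
    """Return {name: sorted list of versions} for every @tanstack/* entry."""
    found = {}

    def add(name: str, version: str) -> None:
        if name.startswith("@tanstack/"):
            found.setdefault(name, set()).add(version)

    # v2/v3: keys are install paths; the package name follows the last
    # "node_modules/" so nested installs are handled too.
    for path, meta in lock.get("packages", {}).items():
        _, sep, name = path.rpartition("node_modules/")
        if sep:
            add(name, meta.get("version", "?"))

    # v1: nested "dependencies" tree keyed directly by package name.
    def walk(deps: dict) -> None:
        for name, meta in deps.items():
            add(name, meta.get("version", "?"))
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return {n: sorted(v) for n, v in found.items()}


def triage(lock: dict) -> dict:
    """Split installed @tanstack/* packages into the two review buckets."""
    pkgs = tanstack_packages(lock)
    return {
        "needs_review": {n: v for n, v in sorted(pkgs.items())
                         if not is_clean_family(n)},
        "reported_clean": {n: v for n, v in sorted(pkgs.items())
                           if is_clean_family(n)},
    }


def load_lock(path: Path) -> dict:
    return json.loads(path.read_text())


if __name__ == "__main__":
    lock = load_lock(Path(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    print(json.dumps(triage(lock), indent=2))
```

Point it at a real package-lock.json; the "needs_review" versions are what to compare against the published list of malicious versions. The script only narrows the list, it cannot decide on its own which versions are malicious, and a project without a lockfile should instead be inventoried from node_modules/@tanstack/*/package.json, together with the install timestamps, since the advisory concerns packages installed during the window of exposure.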