@threatintel.microsoft.com on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Microsoft Threat Intelligence

threatintel.microsoft.com

did:plc:ezrjx3qddwj4azn373c2ipdg

Microsoft is investigating a new, emerging Mini Shai-Hulud npm supply chain attack targeting antv packages. Attackers compromised an antv maintainer account and published malicious versions of multiple widely used packages (for example, antv/g2).

2026-05-19T07:39:12.571Z