Over 170 packages across major platforms, including TanStack, Mistral AI, and UiPath, were compromised in a sophisticated supply chain attack by the hacking group TeamPCP. The attackers exploited GitHub's authentication system by chaining three security vulnerabilities to publish malicious packages that appeared legitimate and carried valid security certificates, allowing them to steal developer credentials, API keys, and cryptocurrency wallets. The malware also attempted to spread itself by using stolen tokens to publish infected versions of other packages, and it affected projects with millions of weekly downloads before security researchers discovered and flagged it.