Cybercriminals Abuse Tanstack Package To Target Developer Environments

Mon May 04 2026

Development

Malware

cyberpress.org

A dangerous new supply chain attack has hit the developer community. A malicious threat actor registered the name “tanstack” on the npm registry, pretending to be part of the popular TanStack software project. However, instead of downloading the advertised helpful video player tool, developers who installed this fake package had their sensitive environment files stolen […] The post Cybercriminals Abuse Tanstack Package To Target Developer Environments appeared first on Cyber Security News.