AI Vibe Coding Security — Issue #10

Mini Shai-Huludnpm Worm Hits AI Tooling

A sophisticated supply-chain attack just compromised 42+ TanStack packages (12M+ weekly downloads) plus Mistral AI, OpenSearch, Guardrails AI, UiPath and more. The malware includes a dead-man’s switch that nukes your home directory if you revoke the stolen token — and persists via Claude Code & VS Code config files even after npm uninstall.

Mini Shai-Hulud · npm Worm

Dead-Man’s Switch + Persistence

AI Dev Tooling Targeted

Mini Shai-Hulud npm Supply-Chain Worm Targets AI Tooling — Dead-Man’s Switch + Persistent Hooks

A massive supply-chain attack has compromised dozens of official npm packages, including 42 TanStack packages (tanstack/react-router alone has >12 million weekly downloads) and expanded to Mistral AI, OpenSearch, Guardrails AI, UiPath, and Squawk packages across npm and PyPI.

The attacker forked repositories, pushed hidden commits, and tricked release pipelines into publishing cryptographically signed malicious versions. The payload steals GitHub tokens, SSH keys, cloud credentials, and more — then installs a dead-man’s switch: if the stolen token is revoked, it nukes the entire home directory.

Even worse: it hooks directly into Claude Code (.claude/settings.json) and VS Code (.vscode/tasks.json) so the malware re-executes on every tool event. npm uninstall does NOT remove it.

Why It Matters for Vibe Coders

AI developer tooling is now the #1 target. One innocent npm install can turn your entire dev environment into a persistent backdoor that survives package removal and actively fights back if you try to clean it.

Action Items

Immediately audit package-lock.json / yarn.lock for any TanStack, Mistral, OpenSearch, Guardrails, or UiPath packages.

Check ~/.claude/settings.json and .vscode/tasks.json for suspicious hooks.

Rotate all GitHub tokens, SSH keys, and cloud credentials used on affected machines.

Rebuild affected environments from scratch if compromised.

Enable strict lockfile verification and run npm audit + supply-chain scanners.

Semantic Kernel Prompt-to-RCE Now Actively Exploited — Prompts Literally Become Shells

CVE-2026-25592 & CVE-2026-26030Critical

Microsoft’s Semantic Kernel framework vulnerabilities are now seeing confirmed in-the-wild exploitation. A single crafted prompt can achieve full host-level remote code execution in production agent deployments.

Why It Matters for Vibe Coders

The boundary between “reasoning” and “executing” is gone. Your agents can now be turned into remote shells with one malicious prompt.

Action Items

Patch Semantic Kernel immediately (or migrate if unpatched).

Enforce strict output validation and sandboxing for all tool calls.

Test your agents against the published Microsoft PoCs.

ClaudeBleed + Comment & Control Still Burning — Browser & GitHub Agents Under Heavy Fire

Claude Chrome extension remote hijacks and GitHub “Comment & Control” prompt injection attacks continue seeing active exploitation. Zero-click browser takeovers and malicious PR comments remain live threats.

Why It Matters for Vibe Coders

Every AI coding workflow that touches the browser or GitHub is now a persistent attack surface.

Action Items

Isolate or disable high-risk AI browser extensions.

Sanitize all GitHub PR/issue content before agent ingestion.

Rotate any potentially exposed tokens from affected workflows.