CISA added three software supply-chain attack vectors to the Known Exploited Vulnerabilities catalogue on 27 May, all attributed to a coordinated campaign targeting developer environments. The simultaneous KEV addition for three distinct developer toolchain attack vectors signals that exploitation is confirmed active — a threshold CISA requires before adding any item to the KEV.
The Three Compromised Components
CVE-2026-8398 — DAEMON Tools Signed Installer Trojanisation
DAEMON Tools, the widely used virtual drive and disc image software, had a signing certificate compromised, allowing attackers to distribute a trojanised installer through legitimate download channels with valid code-signing. The malicious installer bundles the legitimate DAEMON Tools application with a credential-harvesting payload that targets browser-stored credentials, SSH keys, and code-signing certificates kept in the developer environment. CVSS 8.8.
CVE-2026-45321 — TanStack Query Malicious npm Package
The TanStack Query (formerly React Query) npm package is a widely used data fetching library for React applications with tens of millions of weekly downloads. A malicious package mimicking the legitimate @tanstack/react-query package name was published to the npm registry under slight variations of that name and promoted via search engine optimisation. The malicious package executes a post-install script that establishes a persistent connection to a TeamPCP command-and-control server. CVSS 9.1.
CVE-2026-48027 — Nx Console VS Marketplace Extension Backdoor
Nx Console is a popular Visual Studio Code extension for managing Nx monorepo workspaces, used widely in enterprise JavaScript and TypeScript development. A backdoored version of the extension was published to the VS Marketplace under a modified publisher account with a visually similar name. The extension includes the legitimate Nx Console functionality plus a hidden module that exfiltrates workspace configuration files, environment variables, and .env files to an external endpoint on first launch. CVSS 8.6.
TeamPCP Attribution
All three attacks are attributed to TeamPCP, a threat actor previously identified in the April 2026 Axios npm supply-chain compromise and the DPRK-linked LiteLLM/PyPI compromise. TeamPCP has developed a consistent methodology: compromise or spoof developer tooling components, rely on automated package managers and auto-update mechanisms to distribute the payload, and target the credential and secret stores that developers accumulate on workstations over time — SSH private keys, AWS/cloud credentials, code signing certificates, and API tokens.
The naming of this campaign — “Mini Shai-Hulud” — echoes the “Operation Shai-Hulud” designation applied to a 2025 supply-chain campaign from the same actor. The “Mini” designation may reflect the smaller scale of the targeted packages relative to the 2025 operation.
KEV Remediation Deadline
Federal civilian executive branch (FCEB) agencies are required to address KEV items by the published deadline (typically 21 days for exploitation confirmed in the wild). For private sector organisations, CISA recommends immediate action:
- DAEMON Tools: Do not install or run the DAEMON Tools installer until the compromised version has been identified and a clean version confirmed by the vendor. Verify the certificate thumbprint of any existing installation against the vendor-published legitimate certificate.
- TanStack/React Query: Audit package-lock.json and yarn.lock files across repositories for any @tanstack/react-query package versions published to npm by non-official publishers. Run npm audit and check the package publisher name.
- Nx Console: Remove and reinstall Nx Console from the official publisher only. Audit VS Code extensions on developer workstations for unexpected publisher names.
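The lock-file and extension audits in the list above are mostly manual checks. The script below is an added example, not code from the article, CISA or any of the vendors named: it audits a parsed package-lock.json (lockfile v2/v3 "packages" map) for names that look like @tanstack/react-query but are not it, for packages resolved from somewhere other than the official npm registry, and for packages that declare an install script, and it audits lines of the form printed by `code --list-extensions --show-versions` for extensions whose publisher differs from, or visually resembles, the expected one. The watched package list, the edit-distance thresholds, the Nx Console extension id (assumed to be nrwl.angular-console; confirm against the official marketplace listing) and every sample entry are assumptions or constructed values; yarn.lock is not parsed, and reading the real files is left to the caller.

```javascript
// Added example (not from the article, CISA, TanStack or Nx): offline audit of a parsed
// package-lock.json and of `code --list-extensions --show-versions` output. Sample data is constructed.

const OFFICIAL_REGISTRY = "https://registry.npmjs.org/";
// npm packages whose lookalikes should be flagged (extend with your own dependencies)
const WATCHED_PACKAGES = ["@tanstack/react-query"];
// VS Code extension name -> publisher we expect. ASSUMPTION: nrwl.angular-console is the
// Nx Console id; confirm against the official marketplace listing before relying on it.
const EXPECTED_EXTENSIONS = { "angular-console": "nrwl" };

// Normalise for comparison: lower-case, drop scope/punctuation ("@tanstack/react-query" -> "tanstackreactquery")
function skeleton(s) {
  return s.toLowerCase().replace(/[^a-z0-9]/g, "");
}

// Levenshtein distance; inputs are short names, so the O(n*m) table is fine
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const sub = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + sub);
    }
  }
  return dp[a.length][b.length];
}

// A lookalike is NOT one of the watched names but normalises to within maxEdits of one:
// catches "@tanstack/react-querry" (typo) and "tanstack-react-query" (dropped scope)
function isLookalike(name, watched, maxEdits = 2) {
  if (watched.includes(name)) return false;
  return watched.some((w) => editDistance(skeleton(name), skeleton(w)) <= maxEdits);
}

// Lockfile v2/v3 keys entries by install path ("node_modules/@scope/name", possibly nested);
// the package name is whatever follows the last "node_modules/"
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? path : path.slice(i + "node_modules/".length);
}

function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project entry
    const name = entry.name || nameFromPath(path);
    if (isLookalike(name, WATCHED_PACKAGES)) findings.push({ name, reason: "lookalike-name" });
    if (entry.resolved && !entry.resolved.startsWith(OFFICIAL_REGISTRY))
      findings.push({ name, reason: "non-registry-source", detail: entry.resolved });
    // npm sets hasInstallScript when the package declares a (pre/post)install hook
    if (entry.hasInstallScript) findings.push({ name, reason: "install-script" });
  }
  return findings;
}

// One line of `code --list-extensions --show-versions` is "publisher.name@version"
function parseExtensionLine(line) {
  const m = /^([^.\s]+)\.([^@\s]+)@(\S+)$/.exec(line.trim());
  return m ? { publisher: m[1], name: m[2], version: m[3] } : null;
}

function auditExtensions(lines) {
  const findings = [];
  const trustedPublishers = Object.values(EXPECTED_EXTENSIONS);
  for (const line of lines) {
    const ext = parseExtensionLine(line);
    if (!ext) continue;
    const id = `${ext.publisher}.${ext.name}`;
    const expected = EXPECTED_EXTENSIONS[ext.name];
    if (expected !== undefined && ext.publisher !== expected) {
      findings.push({ id, reason: "unexpected-publisher", expected }); // same name, other publisher
    } else if (expected === undefined && isLookalike(ext.publisher, trustedPublishers, 1)) {
      findings.push({ id, reason: "lookalike-publisher" }); // e.g. "nrwi" one edit from "nrwl"
    }
  }
  return findings;
}

// Constructed sample inputs: names, versions and URLs are made up for this example
const SAMPLE_LOCK = {
  name: "example-app", lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/@tanstack/react-query": { version: "5.0.0", resolved: `${OFFICIAL_REGISTRY}@tanstack/react-query/-/react-query-5.0.0.tgz` },
    "node_modules/@tanstack/react-querry": { version: "5.0.1", resolved: `${OFFICIAL_REGISTRY}@tanstack/react-querry/-/react-querry-5.0.1.tgz`, hasInstallScript: true },
    "node_modules/left-pad": { version: "1.3.0", resolved: "https://mirror.example.internal/left-pad/-/left-pad-1.3.0.tgz" },
  },
};
const SAMPLE_EXTENSIONS = [
  "nrwl.angular-console@18.0.0",
  "nrwI.angular-console@18.0.1", // capital I in place of l, same extension name
  "nrwi.nx-helper@0.1.0",
  "dbaeumer.vscode-eslint@3.0.10",
];

console.log(auditLockfile(SAMPLE_LOCK));
console.log(auditExtensions(SAMPLE_EXTENSIONS));
```

To run it over a real repository, parse the lock file with JSON.parse(fs.readFileSync("package-lock.json", "utf8")) and pass the result to auditLockfile; feed auditExtensions the lines from the `code --list-extensions --show-versions` command. Every finding is a review item rather than a verdict: an internal mirror in `resolved` may be legitimate, and a flagged package's publisher still has to be checked against the registry (for example with `npm view <package> maintainers`), since the lock file does not record who published a version.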