The vulnerability bottleneck has moved - Eva Hill
Eva Hill
SubscribeSign in
The vulnerability bottleneck has moved<br>finding bugs is easy, fixing them is hard
Eva Hill<br>Jun 11, 2026
Share
Everyone’s that’s ever written a line of code has most certainly touched an open source library, even without realising it. I’ve typed npm install many times without thinking about it like many people, because it’s just what you do. It’s amazing for installing libraries, frameworks, and other development tools for your projects. Npm alone is relied upon by more than 17 million developers worldwide and hosts over two million packages, making it the largest software registry in the world. It’s a critical part of the JavaScript community and helps support one of the largest developer ecosystems in the world. So when it works, it’s invisible. But when it goes wrong, everyone downstream feels it.<br>On May 11th, it clearly didn’t. An attacker pushed 84 malicious versions across 42 @tanstack/* packages in the span of 6 minutes. The malware harvested credentials, self-propagated across every package the victim maintained, and exfiltrated through a decentralised messenger that can’t be taken down. Within days it had spread to OpenSearch, Mistral AI, Guardrails AI, UiPath -- 172 packages, 518 million cumulative downloads. And while the malicious versions were detected publicly within 20 minutes(ish) and had a limited impact initially, the consequences would take a few more days to emerge.<br>5 days later, Grafana Labs confirmed a targeted attack, where the attackers gained unauthorized access to their GitHub repos and downloaded their codebase. This incident originated from the same TanStack npm supply chain attack, and when Grafana detected this malicious activity on May 11, they immediately initiated their incident response plan. This plan involved rotating a significant number of GitHub workflow tokens, but unfortunately one missed token led to the attackers gaining access to their GitHub repositories.<br>At this point you’d think NPM stands for Neatly Packaged Malware.<br>The TanStack attack is not an isolated incident. It is the latest wave in a series of npm supply chain attacks using the Shai-Hulud worm toolchain. Where each wave builds on the previous wave’s technical sophistication. And yet none of this feels new, if anything it feels routine to see a new critical vulnerability discovered every day. Which raises the obvious question: if this stuff is so catastrophic, why does it occur so regularly? Shocking we know.<br>Make programming easier + make models smarter = make bad virus easier. While this is a gross oversimplification, its more accurate to say that as models get smarter, it allows for faster, more adaptive cyberattacks, and far more scalable than anything achievable through hands-on-keyboard intrusions. personally im most concerned about scale, that they got cheaper to scale. A loop running overnight can probe hundreds of targets simultaneously in a way no human crew could.
There are more incidents worth covering right now than this post could reasonably hold and cataloguing all of them would be a sisyphean task. So I’ve picked to pick some of the most egregious ones that I could think about.
Quick rundown
If you’re anything like me (chronically online and slightly paranoid) you’ve probably seen at least a new exploit nearly every day on your TL.
Up until 3 months ago, I wasn’t too concerned with what was happening in the security ecosystem. But around late April, a friend got caught in the blast radius of an attack, not as a developer but a student trying to revise for her finals. She, along with thousands of students across thousands of institutions, woke up to find they no longer had access to their coursework online. Instructure the company behind the widely used LMS Canvas suffered a major breach of its infra at the hands of ShinyHunters through a vulnerability in its Free-For-Teacher service. A few days later, the group posts a ransom demand on its data leak site and claim exfiltration of 3.65 TB of data across approximately 275 million records from 8,809 educational institutions.<br>However after the initial deadline for the ransom passed, they decided to pivot to direct school-by-school extortion and deface Canvas login pages by exploiting the same Free-For-Teacher vulnerability. Instructure takes Canvas offline globally, which coincided with exam season where students from schools like MIT, Stanford and Brown were unable to access their learning materials, many of whom voiced their discontent on social platforms. The scale of the attack is what initially caught my attention, and remains what concerns me most about model improvements. AI doesn’t need to be a genius the alter the economics of attack and discovery, it only needs to make certain workflows cheaper to run in loops, making it easier to scale.<br>Nobody can keep a secret anymore
A few weeks ago, a new and exceptionally dangerous Linux local-privilege...