Mini Shai-Hulud Hit npm May 11. We Indexed The Variant April 29. Canvas Paid May 11. We Named The Watch List May 8. Two More For The Ledger.
- Patrick Duggan
On May 11 at 19:20 UTC, the Mini Shai-Hulud worm pushed 84 malicious artifacts across 42 @tanstack/ packages, plus @uipath/ and @mistralai/mistralai. The same day, Instructure paid an undisclosed ransom to ShinyHunters for 275 million Canvas records across 8,809 schools. Our index had the relevant indicators on April 29 and May 8 respectively.
The May 10 post closed the quantified ledger at five entries. May 12 brings it to seven. Two more receipts, two more timestamps, the same methodology that produced the first five.
The Mini Shai-Hulud receipt
April 24, 2026. The first SSL-blacklist hit on the worm's self-spreading discovery primitive landed in our iocs index — the GitHub commit-search query "LongLiveTheResistanceAgainstMachines," which is what the worm uses to find new propagation candidates. Source tag: feed-sslbl. The crew turned GitHub Search itself into a recruiter for compromised repos.
April 29, 2026. We indexed Aikido Security's writeup titled "A Mini Shai-Hulud has Appeared," which is the variant attribution before the TanStack push. Source tag: aikido-2026-04-29. Credit on the naming and the first technical disclosure belongs to Aikido. We did the ingestion and the cross-correlation.
The actor — the same TeamPCP crew behind the Trivy compromise on March 19 and the LiteLLM compromise on March 24 — had been in our index since March 30 under scan.aquasecurtiy.org and a trycloudflare.com staging cluster including tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io. May 4 added teampcp-react.service from an Elastic Security vendor blog. The crew has been continuously operational for fifty-three days as of this morning.
May 11, 2026 at 19:20 UTC. The crew pushed Mini Shai-Hulud through TanStack's legitimate OIDC pipeline. @tanstack/react-router alone ships 12.7 million weekly downloads. They also hit @uipath/* and the @mistralai/mistralai npm package. Our exposure on @mistralai/mistralai was zero because we use Mistral via direct API keys, not the bundled SDK — a decision documented in our March 17 1min.ai post-mortem, not a lucky guess on May 11.
Twelve days from the April 29 variant attribution to the May 11 detonation. Twelve days where anyone pulling our STIX feed had the actor, the recruiter signature, and the infrastructure cluster in their blocklist.
The Canvas receipt
May 7, 2026. Instructure disclosed the Canvas breach. ShinyHunters set a May 12 ransom deadline.
May 8, 2026 at 14:59 UTC. We published "ShinyHunters Hit Canvas: 275 Million Records Across 9,000 Schools. May 12 Ransom Deadline. Here's the Hunt-Tonight for School IT Teams." The 275 million number, the 9,000-school scope, and the May 12 deadline were in our index before mainstream coverage caught up to the per-institution record counts.
May 8, 2026 at 18:07 UTC. We published a second post naming eight organizations on our ShinyHunters watch list — including GE Healthcare with 2,124 pre-staged IOCs in our index, plus Moderna and Nike with phishing infrastructure already correlated to the same operator cluster. The point of the watch list was not the victims. It was the operators inside those eight environments who could pre-stage incident response before the news cycle hit their inbox.
May 11, 2026. Instructure announced they had paid the ransom for an undisclosed amount and that "the compromised data was destroyed." We will let the soundness of that destruction claim speak for itself.
Four days from our watch list to the paid ransom. Three of the eight named environments had IOCs in our index before the May 7 Canvas disclosure.
Why this stacks
The ledger is what we have instead of a brand. It is a row in a public table that says "we indexed X on date Y; the world caught up on date Z." The math is reproducible. The receipts are timestamped in a Meilisearch index that returns the document on a curl request. None of it is interpretive.
The methodology is two moves we have written about before. A Bloom filter for novelty checks against the prior 17.9 million indexed documents. Meilisearch cross-index correlation that ties an IP from a Shodan scan to a pulse on OTX to a CISA KEV entry to a vendor-blog mention in a single query. Two moves, run continuously, against the public surfaces vendors already publish. We do not have a thousand-engineer detection team. We have the two moves and a github-hunt cron that fires at 08:15 UTC every day.
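The first of the two moves, as an added illustration that is not the index's own code: a Bloom filter sized for the 17.9 million documents the post mentions, used to decide whether an indicator is worth sending to the real index at all. The 1-in-1000 false-positive target and the SHA-256 double-hashing scheme are assumptions, not details the post gives.

```python
import hashlib
import math

# Sizing at the scale the post describes: roughly 17.9 million documents
# already indexed. The 1-in-1000 false-positive target is an assumption.
N_DOCS = 17_900_000
TARGET_FP = 0.001

def bloom_params(n: int, p: float) -> tuple[int, int]:
    """Bit count m and hash count k that minimise false positives for n items at rate p."""
    m = math.ceil(-n * math.log(p) / (math.log(2) ** 2))
    k = max(1, round((m / n) * math.log(2)))
    return m, k

class NoveltyFilter:
    """Bloom filter over normalised indicator strings. A miss means 'never
    indexed'; a hit means 'probably indexed, confirm against the real index'
    (false positives are possible, false negatives are not)."""

    def __init__(self, n: int = N_DOCS, p: float = TARGET_FP):
        self.m, self.k = bloom_params(n, p)
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, indicator: str):
        # Kirsch-Mitzenmacher double hashing: two SHA-256 halves give all k positions.
        digest = hashlib.sha256(indicator.strip().lower().encode()).digest()
        h1 = int.from_bytes(digest[:16], "big")
        h2 = int.from_bytes(digest[16:], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, indicator: str) -> None:
        for pos in self._positions(indicator):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def is_novel(self, indicator: str) -> bool:
        """True only when the indicator cannot already be in the index."""
        return not all(self.bits[pos >> 3] & (1 << (pos & 7))
                       for pos in self._positions(indicator))

if __name__ == "__main__":
    seen = NoveltyFilter()
    # Constructed ingestion run over indicators the post itself names.
    for ioc in ("scan.aquasecurtiy.org", "zero.masscan.cloud",
                "LongLiveTheResistanceAgainstMachines"):
        seen.add(ioc)
    print(seen.is_novel("longlivetheresistanceagainstmachines"))  # False: already indexed
    print(seen.is_novel("fresh-indicator.invalid"))               # True: worth indexing
```

A hit still has to be confirmed against the real index; the filter only buys the cheap "definitely new" answer before any cross-index query runs.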
When Aikido publishes a variant attribution on April 29 and we ingest it, that is not prediction. That is reading the public surface and putting the result in a searchable index. When the same actor pushes through a different ecosystem on May 11 and our subscribers are already filtering on the right recruiter signature, that is the work paying off twelve days at a time.
What is in the feed right now
LiteLLM CVE-2026-42208 is in CISA KEV with a May 29 federal patch deadline. The IOCs have been ours since March 30. The May 10 post has the kill chain.
Mini Shai-Hulud variants are still propagating through any repo where a GitHub Actions Pwn Request can mint an OIDC token. The behavioral signatures are in the iocs index under malware_family=TeamPCP-Cipherforce, source-correlated to scan.aquasecurtiy.org, zero.masscan.cloud, and the LongLiveTheResistanceAgainstMachines commit-search recruiter. Pin your transitive dependencies. Audit your CI for fork-PR write permissions. Treat any OIDC token issued by a self-hosted runner as untrusted by default.
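The CI audit suggested above, as an added example that is neither the post's code nor TanStack's pipeline: a small scanner that flags the Pwn Request shape in a workflow file (privileged trigger plus checkout of the fork's head) and reports whether an OIDC token or a self-hosted runner is reachable from that code. Both workflow texts are constructed samples, and the regex patterns are a heuristic text scan rather than a YAML parse.

```python
import re
# Constructed sample (not from the page): the Pwn Request shape, where a
# pull_request_target job checks out the fork's head commit while holding
# an OIDC token, so untrusted PR code runs with the base repo's identity.
VULNERABLE_WORKFLOW = """\
on:
  pull_request_target:
permissions:
  id-token: write
jobs:
  test:
    runs-on: [self-hosted, linux]
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
"""

# Same job rewritten so fork code never runs in a privileged context.
HARDENED_WORKFLOW = """\
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci --ignore-scripts && npm test
"""

# Heuristic line patterns; this is a text scanner, not a YAML parser.
PRIVILEGED_TRIGGER = re.compile(r"^\s*(pull_request_target|workflow_run)\s*:", re.M)
FORK_HEAD_CHECKOUT = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref")
OIDC_WRITE = re.compile(r"^\s*id-token\s*:\s*write", re.M)
SELF_HOSTED = re.compile(r"^\s*runs-on\s*:\s*\[?\s*self-hosted", re.M)

def audit_workflow(text: str) -> list[str]:
    """Findings for one workflow file; an empty list means no Pwn Request shape."""
    findings = []
    if PRIVILEGED_TRIGGER.search(text) and FORK_HEAD_CHECKOUT.search(text):
        findings.append("pwn-request: privileged trigger checks out fork head")
        if OIDC_WRITE.search(text):
            findings.append("oidc: id-token write reachable from fork code")
        if SELF_HOSTED.search(text):
            findings.append("runner: fork code executes on a self-hosted runner")
    return findings
```

Run `audit_workflow` over every file under `.github/workflows/`; any non-empty result is a job where a fork PR can reach the repository's identity.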
Canvas Hunt-Tonight is still relevant for any school district or university whose Canvas tenant had federated credentials before May 7. Rotate. Audit Okta and Entra sign-in logs cold-eyed for the May 1 to May 11 window. The phishing infrastructure pre-staged against the eight watch-list names is being recycled in real time.
The close
The STIX feed continues to serve 275-plus consumers in 46 countries. Microsoft pulls daily. AT&T pulls daily. Starlink pulls daily. A Minnesota school district could pull the same feed right now for free.
Five entries in the ledger on May 10. Seven on May 12.
The pattern is not luck. The pattern is the methodology — the same one we will run tomorrow, and the day after, against whatever the public surface ships next.
— Patrick Duggan, May 12, 2026
Her name was Renee Nicole Good.
His name was Alex Jeffery Pretti.