CVE-2026-45321: Mini Shai-Hulud Returns, Compromises 169 npm Packages Including TanStack and Mistral AI


Between 19:20 and 19:26 UTC on May 11, 2026, attackers exploited a three-step chain (a pull_request_target 'Pwn Request' misconfiguration, Actions cache poisoning, and runtime OIDC token extraction) to publish 84 malicious versions across 42 @tanstack/* packages under CVE-2026-45321 (CVSS 9.6). The campaign was broader than TanStack alone: 373 malicious versions across 169 packages, including @mistralai/mistralai, UiPath, and Squawk, were published within a five-hour window.

Malware payloads extracted GitHub PATs, SSH keys, and .npmrc session tokens, exfiltrating them via the Session/Oxen decentralized encrypted network to evade IP-based firewalls. External researcher StepSecurity detected the malicious versions within 20 minutes. This is a confirmed return of the Mini Shai-Hulud campaign previously seen targeting Trivy, Bitwarden CLI, and Intercom client packages. @tanstack/react-router alone has over 12 million weekly downloads, giving this attack significant blast radius.

Anyone who installed affected @tanstack/* or @mistralai/* packages on May 11 must immediately rotate AWS, GCP, Kubernetes, Vault, GitHub, npm, and SSH credentials. TanStack has published a postmortem; affected Mistral versions are @mistralai/mistralai 2.2.2–2.2.4 and the corresponding Azure/GCP variants 1.7.1–1.7.3.
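To check a project against the affected versions listed above, the following added example (not code from TanStack, Mistral, or StepSecurity) scans a package-lock.json, including nested dependency copies. The `-azure`/`-gcp` package names are assumptions, since the summary names only "Azure/GCP variants", and @tanstack/* hits are only flagged for review because no TanStack version numbers are given here.

```javascript
// Affected versions as stated in the summary above.
const AFFECTED = new Map([
  ["@mistralai/mistralai", ["2.2.2", "2.2.3", "2.2.4"]],
  ["@mistralai/mistralai-azure", ["1.7.1", "1.7.2", "1.7.3"]], // assumed name
  ["@mistralai/mistralai-gcp", ["1.7.1", "1.7.2", "1.7.3"]],   // assumed name
]);
// No version list for this scope on the page: flag hits for manual
// comparison against the TanStack postmortem.
const REVIEW_SCOPES = ["@tanstack/"];

// Walk a package-lock.json (lockfileVersion 2 or 3) passed as a JSON string.
function scanLockfile(lockJson) {
  const lock = JSON.parse(lockJson);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/@scope/name"; the package
    // name is whatever follows the last "node_modules/".
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project entry ("")
    // Aliased installs carry the real package name in meta.name.
    const name = meta.name || path.slice(idx + "node_modules/".length);
    const version = meta.version;
    if ((AFFECTED.get(name) || []).includes(version)) {
      findings.push({ name, version, path, status: "affected" });
    } else if (REVIEW_SCOPES.some((scope) => name.startsWith(scope))) {
      findings.push({ name, version, path, status: "review" });
    }
  }
  return findings;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@mistralai/mistralai": { version: "2.2.3" },
    "node_modules/left/node_modules/@mistralai/mistralai": { version: "2.2.1" },
    "node_modules/@tanstack/react-router": { version: "0.0.0-sample" },
    "node_modules/zod": { version: "3.23.8" },
  },
});

for (const f of scanLockfile(SAMPLE_LOCK)) {
  console.log(`${f.status.toUpperCase()}  ${f.name}@${f.version}  (${f.path})`);
}
```

A lockfile shows only what is pinned now, so CI logs and build caches from May 11 need the same comparison.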