1. Forum
  2. tqwNet
  3. TQW GENTECH

  • OpenAI confirms security breach in TanStack supply chain attack,

    From TechnologyDaily@1337:1/100 to All on Friday, May 15, 2026 13:15:27
    OpenAI confirms security breach in TanStack supply chain attack, but says no user data was affected

    Date:
    Fri, 15 May 2026 12:05:00 +0000

    Description:
    Two devices were compromised by TeamPCP's infostealing malware.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter OpenAI confirmed two employee devices were impacted in the TanStack Mini ShaiHulud supply chain attack Malware exfiltrated limited credential material from internal code repositories; no customer data or IP affected OpenAI revoked sessions,
    rotated credentials and signing certificates; macOS users must update apps, Windows/iOS unaffected OpenAI has confirmed two employee devices were
    affected by the recent TanStack supply chain attack, but stressed the
    incident left almost no mark on its operations.

    A threat actor known as TeamPCP recently launched the Mini Shai-Hulud supply chain attack, in which 84 versions of the TanStack npm package were compromised and used to distribute malware. The malware TeamPCP smuggled through was designed to harvest developer credentials, cloud secrets, and SSH keys. It is likely called Mini Shai-Hulud because it self-propagates across the ecosystem, similar to how the previous Shai-Hulud worm did. The name
    comes from the gigantic worms in the Dune novels. Latest Videos From You may like OpenAI flags third-party data issue all macOS users should update now Nvidia GeForce NOW data breach confirmed but luckily most of us will be safe Security experts discover critical flaw in OpenAI's Codex able to compromise entire organizations Confirming the attack Now, OpenAI has confirmed two employee devices in its corporate environment were impacted.

    We observed activity consistent with the malwares publicly described
    behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access, OpenAI said in a blog post .

    We confirmed that only limited credential material was successfully exfiltrated from these code repositories and that no other information or
    code was impacted.

    In response to the incident, OpenAI isolated impacted systems and identities, revoked user sessions, and rotated all credentials. The company also temporarily restricted code-deployment workflows but so far, theres been no evidence that customer data, or intellectual property, had been impacted. There is also no evidence of credential misuse or follow-on access. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    The impacted source code repositories included signing certificates for
    OpenAI products, including iOS, macOS, and Windows , which forced the company to rotate code-signing certificates as a precaution. As a result, macOS users will need to update their applications. Windows and iOS app users are not required to do anything.

    TanStack is a collection of free software tools that help developers manage data and build user interfaces for websites and applications. Across its ecosystem of libraries, TanStack has been downloaded more than four billion times. The total ecosystem currently gets more than 177 million downloads a week.

    Via BleepingComputer The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/openai-confirms-security-breach-in-tans tack-supply-chain-attack-but-says-no-user-data-was-affected


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)