OpenAI Hit by TanStack Supply Chain Attack
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek.
OpenAI has disclosed the impact of the recent TanStack supply chain attack, warning that credential material was exfiltrated from internal source code repositories.
The open source web application development stack TanStack was hit on May 11, when the TeamPCP hacking group exploited security weaknesses in the package publishing process to release 84 malicious artifacts across 42 packages.
Over 170 packages across several high-profile NPM and PyPI namespaces were compromised on the same day as part of a coordinated campaign. Developer devices were infected with the Shai-Hulud worm.
Source: https://www.securityweek.com/openai-hit-by-tanstack-supply-chain-attack/
Related breach coverage
- OpenAI hit by supply chain attack linked to malicious TanStack packages2026-05-16
OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source code repositories. The incident began after the TeamPCP hacking group abused weaknesses in the package publishing process […]
- TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code2026-05-15
The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on SecurityWeek.
- Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE2026-05-18
The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. The post Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE appeared first on SecurityWeek.
- First Shai-Hulud Worm Clones Emerge2026-05-18
At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek.