Morning Overview on MSN
The TanStack supply chain attack poisoned 160 npm and PyPI packages — reaching OpenAI, Mistral AI, and UiPath through compromised build pipelines
On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source ...
Morning Overview on MSN
The TanStack supply chain attack hit OpenAI — hackers reached two employee devices and forced the company to rotate all its code-signing certificates
When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate laptops, the company’s security team faced a decision that no software ...
OpenAI has rotated code-signing certificates after code repositories containing them were compromised in the TanStack supply ...
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
Hackers exploited a TanStack library vulnerability, compromising two OpenAI employees' devices and accessing limited internal ...
Numerous TanStack packages on npm have suffered a supply chain attack, apparently as part of the “Mini Shai-Hulud” attack ...
OpenAI rotated macOS code-signing certificates after two employees downloaded poisoned npm packages in a TanStack supply ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results