OpenAI hit by supply chain attack linked to malicious TanStack packages
OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories.

OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source code repositories. The incident began after the TeamPCP hacking group abused weaknesses in the package publishing process to distribute 84 malicious packages tied to the TanStack open source development ecosystem.
The TeamPCP group recently launched a new wave of the Mini Shai-Hulud worm, compromising legitimate npm packages by hijacking the GitHub Actions OIDC tokens that their release workflows use to publish. Because the malicious versions were built and pushed by the victims' own trusted release pipelines, they carried valid SLSA Level 3 provenance attestations. An attestation proves which workflow produced a package, not that the workflow was uncompromised, so provenance checks alone did not distinguish the poisoned releases from legitimate ones. Researchers say the worm harvests secrets from CI/CD environments, probing more than 100 credential locations, installs persistence mechanisms in developer tools such as VS Code and Claude Code, and propagates automatically to other packages controlled by each compromised maintainer. The campaign has already affected packages linked to TanStack, UiPath, DraftLab, and others.
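The weakness the worm exploited is a release pipeline that can mint a publish token while running code it does not control. One check a maintainer can run today is to audit every workflow for that combination: a job granted `id-token: write` that also pulls third-party actions by a mutable tag instead of a commit SHA. The script below is an added example, not code from OpenAI, TanStack, npm or the cited researchers. It parses workflow files line by line so it needs no YAML library, assumes the common block or flow layout for `permissions` and `uses`, and audits a constructed sample workflow whose pinned SHA is a placeholder rather than a real commit.

```python
"""Audit GitHub Actions workflow files for the combination that let a hijacked
pipeline act as a trusted publisher in the TanStack campaign: a job that may
mint an OIDC token (id-token: write) while pulling third-party actions by
mutable tag rather than commit SHA.

Added example, not code from OpenAI, TanStack, npm or the cited researchers.
It assumes the common workflow layout and parses line by line so it needs no
YAML library; the sample workflow below is constructed.
"""
import re
import sys
from pathlib import Path

# An immutable reference to an action's code is a full 40-hex commit SHA.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# `- uses: owner/repo@ref` or `uses: owner/repo/path@ref`. Local (./) and
# docker:// actions carry no @ref and are skipped; review those by hand.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s@'\"]+)@([^\s'\"]+)")
WRITE_ALL_RE = re.compile(r"^\s*permissions:\s*write-all\s*$")


def is_pinned(ref: str) -> bool:
    """True only for a commit SHA; tags and branches can be moved upstream."""
    return bool(SHA_RE.match(ref))


def audit_workflow(text: str) -> dict:
    """Return the OIDC capability and action pinning state of one workflow."""
    findings = {
        "id_token_write": False,
        "pinned_actions": [],
        "unpinned_actions": [],
    }
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # drop trailing YAML comments
        # Block style (`id-token: write`), flow style (`{id-token: write}`) and
        # the blanket `permissions: write-all` all grant OIDC minting rights.
        if "id-token: write" in line or WRITE_ALL_RE.match(line):
            findings["id_token_write"] = True
        m = USES_RE.match(line)
        if m:
            action, ref = m.group(1), m.group(2)
            bucket = "pinned_actions" if is_pinned(ref) else "unpinned_actions"
            findings[bucket].append(f"{action}@{ref}")
    # The dangerous combination: a mutable upstream action running in a job
    # that can mint a publish token. If that tag is retargeted to malicious
    # code, the resulting package is built and attested by the victim's own
    # pipeline, so its provenance verifies cleanly.
    findings["needs_review"] = findings["id_token_write"] and bool(findings["unpinned_actions"])
    return findings


# Constructed sample: a typical npm trusted-publishing release workflow with
# one action pinned to a placeholder SHA (not a real commit) and one by tag.
SAMPLE_WORKFLOW = """\
name: release
on:
  push:
    tags: ["v*"]
permissions:
  contents: read
jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      id-token: write   # lets npm mint a trusted-publishing token
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
        with:
          node-version: 22
      - run: npm publish --provenance
"""


def report(findings: dict, name: str) -> str:
    """Render one workflow's findings as a short plain-text report."""
    status = "REVIEW" if findings["needs_review"] else "ok"
    lines = [f"{name}: {status} (id-token write: {findings['id_token_write']})"]
    lines += [f"  unpinned: {a}" for a in findings["unpinned_actions"]]
    lines += [f"  pinned:   {a}" for a in findings["pinned_actions"]]
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python audit_workflows.py [.github/workflows]; with no argument
    # the constructed sample is audited.
    if len(sys.argv) > 1:
        for path in sorted(Path(sys.argv[1]).glob("*.y*ml")):
            print(report(audit_workflow(path.read_text()), str(path)))
    else:
        print(report(audit_workflow(SAMPLE_WORKFLOW), "sample"))
```

Pinning closes only the "mutable upstream action" half of the problem; a maintainer whose own GitHub account or repository is compromised can still publish attested releases, which is why the provenance on a package should be read as "built by this workflow" and nothing stronger.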
Related breach coverage
- OpenAI Hit by TanStack Supply Chain Attack (SecurityWeek, 2026-05-15)
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories.
- TeamPCP Ups the Game, Releases Shai-Hulud Worm's Source Code (SecurityWeek, 2026-05-15)
The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards.
- OpenAI asks macOS users to update after TanStack npm supply chain attack (2026-05-14)
The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.
- Russian APT Turla builds long-term access tool with Kazuar botnet evolution (2026-05-16)
Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection […]
