U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

OpenAI hit by supply chain attack linked to malicious TanStack packages

OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source code repositories. The incident began after the TeamPCP hacking group abused weaknesses in the package publishing process […]

openai Atlas

OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories.

OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source code repositories. The incident began after the TeamPCP hacking group abused weaknesses in the package publishing process to distribute 84 malicious packages tied to the TanStack open source development ecosystem.

Recently, the TeamPCP group launched a new wave of the Mini Shai-Hulud worm, compromising legitimate npm packages through hijacked GitHub Actions OIDC tokens. The malware spread through trusted release pipelines and even generated valid SLSA Level 3 attestations, making the malicious packages appear legitimate. Researchers say the worm steals secrets from CI/CD environments, targets more than 100 credential locations, installs persistence mechanisms in developer tools like VS Code and Claude Code, and spreads automatically to other packages controlled by compromised maintainers. The campaign has already affected packages linked to TanStack, UiPath, DraftLab, and others.

The recent TanStack supply chain attack also impacted OpenAI after two employee devices downloaded malicious packages tied to the Mini Shai-Hulud campaign. Attackers stole credential material and secrets from those systems, gaining access to a limited number of internal source code repositories connected to the affected employees.

OpenAI said the security breach had a limited impact and found no evidence that customer data, production systems, or intellectual property were compromised. The company responded by rotating exposed credentials, revoking active sessions, and temporarily tightening restrictions around code deployment workflows.

“We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access.” reads the post published by OpenAI. “We confirmed that only limited credential material was successfully exfiltrated from these code repositories and that no other information or code was impacted.”

The compromised repositories included code-signing certificates used for iOS, macOS, Windows, and Android applications. As a precaution, OpenAI revoked the certificates and began re-signing affected software packages.

“We are updating our security certificates, which will require all macOS users to update their OpenAI apps to the latest versions.” continues the post. “This helps prevent any risk, however unlikely, of someone attempting to distribute a fake app that appears to be from OpenAI.”

The company warned that macOS users must update their OpenAI applications before June 12, 2026, or the software may stop receiving updates and could eventually stop functioning correctly.

OpenAI also coordinated with platform providers to block any attempt to abuse the stolen certificates for malicious notarization activities and reviewed previously signed software for signs of tampering.

“We have also reviewed all notarization of software using our previous certificates to confirm no unexpected software signing has occurred with these keys, and validated that our published software did not have unauthorized modifications.” states OpenAI. “We have found no evidence of compromise or risk to existing software installations.”

According to the company, the incident occurred during an ongoing migration to hardened configurations introduced after the earlier Axios supply chain attack. The two infected employee devices had not yet received the updated protections that likely would have blocked the malicious package downloads.

“This incident reflects a broader shift in the threat landscape: attackers are increasingly targeting shared software dependencies and development tooling rather than any single company.” concludes the company.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, supply chain attack)