Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Home/CyberSecurity News/OpenAI confirms data breach from TanStack npm supply chain attack
CyberSecurity News

OpenAI confirms data breach from TanStack npm supply chain attack

Key Takeaways OpenAI confirmed that two employee devices were compromised as part of a broader supply chain attack targeting the TanStack npm library. The breach allowed limited exfiltration of...

Marcus Rodriguez
Marcus Rodriguez
May 15, 2026 4 Min Read
45 0

Key Takeaways

  • OpenAI confirmed that two employee devices were compromised as part of a broader supply chain attack targeting the TanStack npm library.
  • The breach allowed limited exfiltration of credential material from internal source code repositories, including code-signing certificates for OpenAI products.
  • No customer data, intellectual property, or production systems were affected, but macOS users must update their OpenAI applications by June 12, 2026.
  • The “Mini Shai-Hulud” campaign, orchestrated by TeamPCP, leveraged weaknesses in GitHub Actions and CI/CD configurations to inject malicious code into open-source packages.

OpenAI Employee Devices Compromised in TanStack Supply Chain Attack

OpenAI has confirmed that two employee workstations were infiltrated during a widespread software supply chain attack that targeted the popular TanStack npm JavaScript library. Despite the breach, the artificial intelligence giant stated that no user data, production systems, or core intellectual property were compromised.

Table Of Content

  • Key Takeaways
  • OpenAI Employee Devices Compromised in TanStack Supply Chain Attack
  • Details of the OpenAI Breach
  • OpenAI’s Incident Response Actions
  • Mandatory macOS App Updates
  • Broader Impact of Mini Shai-Hulud
  • What You Should Do

The incident is part of a sophisticated campaign dubbed “Mini Shai-Hulud,” launched on May 11, 2026 UTC, by the extortion group TeamPCP. The attackers exploited vulnerabilities within TanStack’s GitHub Actions workflows and CI/CD configurations to inject malicious code directly into the library’s release pipeline. This tactic allowed the compromised package versions to appear legitimate and trustworthy to consuming systems, facilitating their silent propagation.

Details of the OpenAI Breach

OpenAI’s internal environment ingested the compromised TanStack package before updated security controls could be fully deployed, leading to the infection of two employee devices. An investigation by OpenAI, supported by a third-party digital forensics and incident response firm, uncovered credential-focused exfiltration attempts from a limited number of internal source code repositories accessible by the two impacted employees.

While some credential material was successfully exfiltrated, OpenAI emphasized that no customer data, intellectual property, or production code was altered, stolen, or accessed beyond the limited scope. Crucially, the affected repositories contained code-signing certificates for OpenAI applications across iOS, macOS, Windows, and Android platforms. Although no evidence of certificate misuse has been found, OpenAI is rotating all signing certificates as a proactive security measure.

OpenAI’s Incident Response Actions

Upon detecting the malicious activity, OpenAI initiated a rapid response to contain the breach:

  • Impacted systems and user identities were immediately isolated.
  • All active user sessions on affected accounts were revoked.
  • Credentials across all compromised repositories were rotated.
  • Code-deployment workflows were temporarily restricted.
  • A third-party incident response firm was engaged for comprehensive forensic analysis.
  • Coordination with platform providers was undertaken to block new notarizations using the old certificates.

Mandatory macOS App Updates

Due to the compromise of macOS code-signing certificates, all macOS users of OpenAI applications are required to update their software before June 12, 2026. After this date, Apple’s macOS security features will prevent any application still signed with the old certificates from launching or receiving further updates. Affected applications include ChatGPT Desktop (version 1.2026.125), Codex App (26.506.31421), Codex CLI (0.130.0), and Atlas (1.2026.119.1). Users on Windows and iOS platforms are not required to take any action.

OpenAI advises users to obtain updates exclusively through official in-app mechanisms or authorized OpenAI web pages, cautioning against downloading software from third-party sites, email links, or unsolicited installers.

Broader Impact of Mini Shai-Hulud

The “Mini Shai-Hulud” campaign extended beyond OpenAI, successfully compromising hundreds of npm and PyPI packages from various projects, including Mistral AI, UiPath, Guardrails AI, and OpenSearch. The malware specifically targeted sensitive developer and cloud credentials, such as GitHub tokens, npm publish tokens, AWS credentials, Kubernetes secrets, SSH keys, and .env files, effectively weaponizing the very tools essential for modern DevOps operations.

This incident follows a previous compromise involving OpenAI’s Axios developer tool, which prompted the company to implement hardened CI/CD pipeline controls and package manager configurations with security constraints like minimumReleaseAge. The two devices affected in the TanStack attack had not yet received these updated security configurations, a lapse exploited by the attackers. The breach at OpenAI serves as a stark reminder of the inherent risks in the modern software supply chain, where a single upstream compromise can rapidly propagate across numerous downstream targets.

What You Should Do

  • Update macOS OpenAI Applications: If you are a macOS user of OpenAI applications, update your software (ChatGPT Desktop, Codex App, Codex CLI, Atlas) immediately through official channels before June 12, 2026.
  • Verify Update Sources: Always download software updates directly from official in-app mechanisms or OpenAI’s official website. Avoid third-party download sites, email links, or unsolicited installers.
  • Monitor for Suspicious Activity: Organizations should enhance monitoring for unusual activity related to developer credentials, GitHub tokens, npm publish tokens, AWS credentials, Kubernetes secrets, SSH keys, and .env files.
  • Strengthen Supply Chain Security: Implement and enforce robust CI/CD pipeline controls, package manager configurations with security constraints (e.g., minimumReleaseAge), and regular security audits of open-source dependencies.
  • Rotate Credentials: Regularly rotate critical developer and cloud credentials, especially those associated with CI/CD pipelines and package publishing.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachExploitMalwareSecurityThreat

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Cisco SD-WAN Controller Zero-Day Actively Exploited for Admin Access

Next Post

Critical Next.js Vulnerability Exposes Cloud Credentials and API Keys

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Vulnerability in Windows Drivers Lets Attackers Disable Security Software
July 1, 2026
Automotive Manufacturer Boosts SOC Triage Speed, Closes Supplier Security Gap
July 1, 2026
Microsoft Teams Blocks Uninvited Bots From Meetings
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us