News
OpenAI Confirms Two Employee Devices Compromised in TanStack npm Supply Chain Attack
OpenAI published a detailed response to the May 11 TanStack npm supply chain attack by hacking group TeamPCP, which compromised 170+ packages and 404 malicious versions. Two OpenAI employee devices were hit, with 'limited credential material' exfiltrated from internal source code repositories. The attack hijacked TanStack's legitimate OIDC-authenticated release pipeline, publishing 84 malicious artifacts in 6 minutes — a new escalation in supply chain attack sophistication.
Source
↳ Follow the thread