When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate laptops, the company’s security team faced a decision that no software ...
Hosted on MSN
OpenAI says the TanStack breach reached two employee devices but did not compromise user data or production systems
Two developer workstations inside OpenAI installed compromised versions of the popular open-source TanStack library after an attacker hijacked the project’s automated publishing pipeline, the company ...
A supply chain attack was carried out against TanStack, a set of libraries widely used in JavaScript and React development, by releasing malware-infused versions of its npm packages. According to ...
Two corporate laptops, some credential material, and a forced macOS app update. The interesting part is how the malicious packages got published in the first place: not by a stolen npm password, but ...
A popular developer of open source analytics software has revealed that a recent data breach and extortion incident was caused by the Mini Shai-Hulud campaign which compromised TanStack packages.
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results