OpenAI Hit by TanStack Supply Chain Attack

OpenAI has disclosed the impact of the recent TanStack supply chain attack, warning that credential material was exfiltrated from internal source code repositories.

The open source web application development stack TanStack was hit on May 11, when the TeamPCP hacking group exploited security weaknesses in the package publishing process to release 84 malicious artifacts across 42 packages.

Over 170 packages across several high-profile NPM and PyPI namespaces were compromised on the same day as part of a coordinated campaign. Developer devices were infected with the Shai-Hulud worm.

OpenAI was one of the organizations affected downstream. Two employee devices were infected as part of the attack, and credentials and other secrets were exfiltrated from them.

Despite its limited scope, the compromise granted the attackers access to several internal source code repositories that the two OpenAI employees had access to.

“We confirmed that only limited credential material was successfully exfiltrated...

Copyright of this story solely belongs to securityweek.com.
