TECH NEWS

OpenAI says no user data was touched in the TanStack npm worm

Two corporate laptops, some credential material, and a forced macOS app update. The interesting part is how the malicious packages got published in the first place: not by a stolen npm password, but by TanStack’s own legitimate release pipeline, after the attacker code took over the runner mid-build.

OpenAI said on Wednesday that it found no evidence of user data being accessed, products being compromised, or its software being altered after a supply-chain compromise of the TanStack npm packages earlier this week.

Two employee devices in OpenAI’s corporate environment were affected, the company said in a notice published on its website. Limited credential material was exfiltrated from internal code repositories. Passwords and API keys were not.

The interesting part is how the malicious packages got there. On 11 May, between 19:20 and 19:26 UTC, 84 malicious artefacts were published across 42 packages in the @tanstack namespace, including @tanstack/react-router, which alone...

Copyright of this story solely belongs to thenextweb.com. To see the full text click HERE

https://platform.theverge.com/wp-content/uploads/sites/2/chorus/uploads/chorus_asset/file/25334821/STK466_ELECTION_2024_CVirginia_C.jpg?quality=90&strip=all&crop=0%2C9.9676601489831%2C100%...

Anthropic and OpenAI take their beef to the midterm elections

Hello and welcome to Regulator, a newsletter for Verge subscribers about the car crashes piling up on a daily basis at the Washington-based intersection of technology and politics. If you’re not a subscriber, sign up for our fine editorial enterprise today, especially as we process the end of Musk

https://www.cnet.com/a/img/resize/5fccded3abe66f4bff21cd8b5b996d6841bf8fa4/hub/2026/05/20/99f41a98-7d5c-4d3d-9799-2a7ea344e7c3/gettyimages-2276401241.jpg?auto=webp&fit=crop&height=675&widt...

Europa League Final: Livestream Aston Villa vs. Freiburg Today

Why You Can Trust CNET Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy through our links, we may get a commission. Reviews ethics statement Unai Emery's team takes on the Breisgau-Brasilianer in today's showdown

https://www.cnet.com/a/img/resize/00b267ec9f2e536ffb65036a448c689dc60bc0de/hub/2026/05/19/b05e86be-2135-4095-b22a-4861798650b4/screenshot-2026-05-19-at-11-17-42am.png?auto=webp&fit=crop&he...

Gemini Spark Gives Google Way Too Much Access to Your Data

Google's shoving more AI into its software and devices. Meet Gemini Spark, the new AI agent that's like a 24/7 personal assistant. Google debuted the tool on Tuesday at its Google I/O developer conference. We saw a demo of Gemini Spark in action, handling

https://platform.theverge.com/wp-content/uploads/sites/2/2025/10/258002_Google_Pixel_10_Pro_Fold_AJohnson_0010.jpg?quality=90&strip=all&crop=0%2C10.723165084465%2C100%2C78.55366983107&w=1200

Vibe coding is coming to your phone

“There’s an app for that” was the promise of the App Store from the very beginning. The app that will get your phone to do the thing you want it to? It’s just a few taps away. The tagline wasn’t strictly true — I’m still waiting for

Read more

Anthropic and OpenAI take their beef to the midterm elections

Europa League Final: Livestream Aston Villa vs. Freiburg Today

Gemini Spark Gives Google Way Too Much Access to Your Data

Vibe coding is coming to your phone