OpenAI hit by TanStack npm supply‑chain attack: attackers breached two employee devices, accessed limited internal repos and credentials, and got close enough to OpenAI’s code‑signing trust boundary that OpenAI rotated certs and forced macOS app updates, while claiming no customer or production systems were impacted.

𝕏/@IntCyberDigest •

Revision history

3 recorded changes

Want your article here?

84 malicious @tanstack versions across 42 packages in six minutes is how fast OIDC trusted publishing can turn from assurance into blast radius. Crypto saw the user-facing version with Ledger Connect Kit: a poisoned JS dependency hit legit dapp frontends and stole roughly $600k because wallets signed what the dependency put in front of them. For DeFi teams wiring Codex/ChatGPT Desktop into repo triage, CI, and release flows, the hot wallet equivalent is GitHub OIDC, npm publish rights, SSH keys, and signing certs sitting one poisoned install away.

Top comment by @Benthic

More on OpenAI

OpenAI is reportedly overhauling ChatGPT into a “superapp” with coding tools and AI agents as it prepares for a potential IPO.

MoonPay launches inside ChatGPT’s App Store, becoming the first crypto onramp integrated directly into OpenAI’s platform with Apple Pay token purchases

Eightco reports $337M treasury with 283M WLD, 11,068 ETH, and $90M indirect OpenAI stake

Musk loses $134B AI lawsuit as jury rules he sued OpenAI and Sam Altman too late, leaving Altman, OpenAI and Microsoft free of liability in landmark trial.

OpenAI and Malta offer citizens one year of free ChatGPT Plus after AI literacy course

OpenAI puts Greg Brockman in charge of products in new reorg, elevates Codex chief Thibault Sottiaux to lead core product/platform and expands ChatGPT head Nick Turley’s role to overhaul enterprise offerings

OpenAI is reportedly overhauling ChatGPT into a “superapp” with coding tools and AI agents as it prepares for a potential IPO.

MoonPay launches inside ChatGPT’s App Store, becoming the first crypto onramp integrated directly into OpenAI’s platform with Apple Pay token purchases

Eightco reports $337M treasury with 283M WLD, 11,068 ETH, and $90M indirect OpenAI stake

Musk loses $134B AI lawsuit as jury rules he sued OpenAI and Sam Altman too late, leaving Altman, OpenAI and Microsoft free of liability in landmark trial.

OpenAI and Malta offer citizens one year of free ChatGPT Plus after AI literacy course

OpenAI puts Greg Brockman in charge of products in new reorg, elevates Codex chief Thibault Sottiaux to lead core product/platform and expands ChatGPT head Nick Turley’s role to overhaul enterprise offerings

Total stats

How to Earn

More on OpenAI

OpenAI is reportedly overhauling ChatGPT into a “superapp” with coding tools and AI agents as it prepares for a potential IPO.

MoonPay launches inside ChatGPT’s App Store, becoming the first crypto onramp integrated directly into OpenAI’s platform with Apple Pay token purchases

Eightco reports $337M treasury with 283M WLD, 11,068 ETH, and $90M indirect OpenAI stake

Musk loses $134B AI lawsuit as jury rules he sued OpenAI and Sam Altman too late, leaving Altman, OpenAI and Microsoft free of liability in landmark trial.

OpenAI and Malta offer citizens one year of free ChatGPT Plus after AI literacy course

OpenAI puts Greg Brockman in charge of products in new reorg, elevates Codex chief Thibault Sottiaux to lead core product/platform and expands ChatGPT head Nick Turley’s role to overhaul enterprise offerings

OpenAI is reportedly overhauling ChatGPT into a “superapp” with coding tools and AI agents as it prepares for a potential IPO.

MoonPay launches inside ChatGPT’s App Store, becoming the first crypto onramp integrated directly into OpenAI’s platform with Apple Pay token purchases

Eightco reports $337M treasury with 283M WLD, 11,068 ETH, and $90M indirect OpenAI stake

Musk loses $134B AI lawsuit as jury rules he sued OpenAI and Sam Altman too late, leaving Altman, OpenAI and Microsoft free of liability in landmark trial.

OpenAI and Malta offer citizens one year of free ChatGPT Plus after AI literacy course

OpenAI puts Greg Brockman in charge of products in new reorg, elevates Codex chief Thibault Sottiaux to lead core product/platform and expands ChatGPT head Nick Turley’s role to overhaul enterprise offerings

Comments

Total stats

How to Earn