OpenAI Hit by TanStack Supply Chain Attack

Friday, May 15, 2026 at 10:37 AM UTC·Source: SecurityWeek

Updated: Friday, May 15, 2026 at 11:00 AM UTC

Executive Summary

Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek .

Analysis

Source Attribution

Originally published by SecurityWeek on May 15, 2026.

Related Threats

MEDIUMSupply Chain

Developer Workstations Are Now Part of the Software Supply Chain

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is

3h agoThe Hacker News

MEDIUMSupply Chain

First Shai-Hulud Worm Clones Emerge

At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek .

4h agoSecurityWeek

CRITICALSupply Chain

AI coding is fueling a secrets-sprawl crisis few CISOs are containing

When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself . He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious security flaws. Experts at cloud security company Wiz and, independently, researcher Jameson O’Reilly, discovered that Molt

5h agoCSO Online