OpenAI Breach Linked to TanStack Attack; macOS Users Must Update
Breach linked to TeamPCP gang affects two employee devices, though customer data remains safe. macOS users need to update.

OpenAI confirmed a security breach. It hit two employee devices, part of the bigger TanStack supply chain attack. The TeamPCP extortion gang, specifically its "Mini Shai-Hulud" campaign, is behind this. They compromised hundreds of npm and PyPI packages.
OpenAI says customer data and production systems are safe. Still, they rotated code-signing certificates for their apps. Just a precaution.
The Attack
This was a widespread software supply-chain attack. It first hit packages from TanStack and Mistral AI. Attackers exploited weaknesses in GitHub Actions workflows and CI/CD configurations to inject malicious updates into legitimate software, then published malicious versions made to look authentic.
OpenAI saw unauthorized access. Credentials were stolen from a small slice of internal source code repos: the ones those two employees could access.
They've locked down affected systems. Revoked sessions, rotated credentials, restricted deployment workflows. A third-party firm is helping with the forensic investigation. It's ongoing.
Certificate Rotation
So, the certificate rotation. It's a precaution. macOS users, heads up: update your OpenAI desktop apps by June 12, 2026. With the older certificates, Apple's notarization process might block app launches and updates. Windows and iOS users, you're fine. Nothing to do.
This isn't new, honestly. Attackers increasingly hit the supply chain, not just one company. Broader impact, you know? OpenAI points out how modern software relies on all those interconnected open-source libraries, package managers. A vulnerability there? It spreads fast. Across organizations.
Supply Chain Vulnerabilities
Supply chain attacks? A constant headache for tech. Especially in Europe, with GDPR and all its data protection rules. Software development is so interconnected. Breaches like this ripple out. Hit different sectors, different countries.
What this means for you
macOS users: Update your OpenAI apps. Don't want disruptions, right? Also, a reminder for everyone: Watch your software supply chain security. Stay on top of updates, patches.
What's still unclear
Still a lot we don't know. How many other orgs were hit? Could those stolen credentials be used again? For future attacks? The attackers' full capabilities? Still being investigated.
Why this matters
This breach just screams: secure your software supply chain. Attacks are getting smarter, more interconnected. Companies have to get proactive. Protect their digital turf.