OpenAI caught in TanStack npm supply chain chaos after employee devices compromised


OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products.

The company disclosed this week that it had been caught up in the wider “Mini Shai-Hulud” campaign targeting npm ecosystems and developer infrastructure, though it said there was no evidence that customer data, production systems, or deployed software were compromised.

Source: The Register News

