OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products.
The company disclosed this week that it had been caught up in the wider “Mini Shai-Hulud” campaign targeting npm ecosystems and developer infrastructure, though it said there was no evidence that customer data, production systems, or deployed software were compromised.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Discord hit by data breach after hackers strike support tickets
October 6, 2025
Discord has warned users it suffered a cyberattack which caused a potentially worrying data breach. In a data breach notification announcement posted on the company’s blog, Discord said a third party, providing customer support services, was breached. “The unauthorized party then gained access to information from a limited number of users who had contacted Discord through ...
- UK: Renault and Dacia customer data stolen in third party cyber attack
October 2, 2025
Renault has become the most recent victim of a cyber attack. Customers of the French firm and its sister brand Dacia have been warned that their personal data, including postal addresses and emails, has been stolen by hackers. In an email sent out to customers, Renault said: “We are very sorry to inform you about a ...
- HSBC warns UK business banking customers of third-party data breach
September 30, 2025
HSBC has warned business banking customers that personal identification documents submitted during account applications may have been compromised following unauthorised access to a third-party platform. In an email sent to customers earlier this month, the bank confirmed that identity documents, images and contact details provided when opening a business account were exposed in the breach. HSBC ...
- UK: Jaguar Land Rover rescued with £1.5bn Government loan after cyber attack
September 28, 2025
The Government has agreed to support Jaguar Land Rover (JLR) with a loan guarantee expected to unlock £1.5billion to support its supply chain. JLR suspended production at its UK factories following the cyber attack on 31 August, including the one in Halewood on Merseyside. The announcement follows the Business Secretary’s visit to JLR and supply chain ...
- UK: Harrods’ customers details stolen in data breach
September 27, 2025
Harrods has warned some of its customers that their personal data may have been taken in an IT systems breach, months after it was targeted by a suspected cyber attack in May. The luxury department store said customer names and contact details have been taken after one of its third-party provider systems was compromised. It said ...
- UK: Jaguar Land Rover facing costs of “millions per week” following cyberattack due to a lack of insurance cover
September 25, 2025
Jaguar Land Rover could be facing the full financial impact of its recent cyberattack after reportedly failing to secure cyber insurance before the incident struck. The attack, which came to light on September 2025, forced the carmaker to shut down its IT networks and halt production at its three UK factories. The disruption is believed to ...