Two developer workstations inside OpenAI installed compromised versions of the popular open-source TanStack library after an attacker hijacked the project’s automated publishing pipeline, the company ...
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages and published 84 malicious package versions in just six minutes, exposing ...
A popular developer of open-source analytics software has revealed that a recent data breach and extortion incident was caused by the Mini Shai-Hulud campaign, which compromised TanStack packages.