{"data":{"id":"0275374c-c2ee-4ca1-8d8a-46d8ca303fe1","title":"OpenAI confirms security breach in TanStack supply chain attack","summary":"OpenAI confirmed that two employees' devices were breached in the TanStack supply chain attack, where attackers inserted malicious code into popular software packages distributed through npm and PyPI (package repositories for code libraries). The breach resulted in stolen credentials and exposed code-signing certificates (digital signatures that verify software authenticity), but did not compromise customer data, production systems, or deployed software. OpenAI rotated its code-signing certificates and isolated affected systems as a precaution.","solution":"OpenAI isolated affected systems and accounts, revoked sessions, rotated credentials across affected repositories, temporarily restricted deployment workflows, and rotated code-signing certificates for macOS, Windows, iOS, and Android products. macOS users must update their OpenAI desktop applications before June 12, 2026, as older certificate-signed applications may not launch or receive updates due to Apple's notarization process. Windows and iOS users do not need to take action.","labels":["security"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/openai-confirms-security-breach-in-tanstack-supply-chain-attack/","publishedAt":"2026-05-14T19:07:24.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI","Mistral"],"affectedVendorsRaw":["OpenAI","Mistral AI","UiPath","Guardrails AI","OpenSearch","TanStack"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-14T19:07:24.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}