{"data":{"id":"bee9f0ce-79c3-4da7-ba92-f025d20a3b87","title":"TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates","summary":"OpenAI disclosed that two employee devices were compromised through the Mini Shai-Hulud supply chain attack on TanStack (a software dependency library), resulting in limited credential theft from internal code repositories but no user data or production systems were affected. Because the compromised repositories contained signing certificates (digital credentials that verify software authenticity) for macOS apps, OpenAI revoked the old certificates and requires macOS users of ChatGPT Desktop, Codex App, Codex CLI, and Atlas to update to the latest versions before June 12, 2026, when the old certificates will be blocked by macOS protections.","solution":"OpenAI isolated impacted systems and identities, revoked user sessions, rotated all credentials across impacted repositories, temporarily restricted code-deployment workflows, audited user and credential behavior, and revoked the compromised signing certificates while issuing new ones. macOS users must update ChatGPT Desktop, Codex App, Codex CLI, and Atlas to the latest versions before June 12, 2026.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/05/tanstack-supply-chain-attack-hits-two.html","publishedAt":"2026-05-15T10:54:44.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI","Mistral"],"affectedVendorsRaw":["OpenAI","TanStack","Mistral AI","UiPath","OpenSearch","Guardrails AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-15T10:54:44.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}