A popular developer of open source analytics software has revealed that a recent data breach and extortion incident was caused by the Mini Shai-Hulud campaign, which compromised TanStack packages.
As tools like Claude Code get better, more and more developers are happy to hand off coding tasks to them. The way software gets built has changed for good. The vibes were strong at Code with Claude, ...
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. In the ongoing Shai-Hulud ...
Google is completely revamping its search experience, and that doesn’t stop at YouTube. Like the rest of Google, YouTube’s search bar is getting infused with AI tools like “Ask YouTube,” a feature ...
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. OpenAI has disclosed the impact of the recent TanStack supply chain attack, ...
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production ...
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for ...
OpenAI responds to TanStack npm supply chain attack, outlines macOS app update deadline, and details new security measures. OpenAI has disclosed its response to the TanStack npm supply chain attack, a ...
OpenAI confirmed that two employee devices were compromised, but found no evidence that user data, production systems, or intellectual property were accessed or stolen. The “Mini Shai-Hulud” campaign ...
A May 11 supply chain attack affected over 170 npm and PyPI packages, including 404 malicious versions of Mistral AI, TanStack, UiPath, OpenSearch, and Guardrails AI. It’s the first documented case of ...
A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain attack affecting developer ecosystems, including packages tied to UiPath, ...
The TeamPCP threat group has pulled off another big supply chain attack, which within a few hours this week successfully compromised 170 Node Package Manager (npm) and PyPI packages. The ...