TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
What’s new: OpenAI reported that two employee devices were impacted by the Mini Shai-Hulud supply chain attack on TanStack. Although no user data or production systems were compromised, limited credential material was exfiltrated from internal source code repositories. OpenAI has revoked and replaced the code-signing certificates for its macOS applications, so users must update their apps to guard against potential risks from malicious app distribution.
Who’s affected
OpenAI employees and users of OpenAI's macOS applications, including ChatGPT Desktop, Codex App, Codex CLI, and Atlas, are affected. Other organizations, including Mistral AI and TanStack, have also reported being compromised in the ongoing supply chain attack campaign.
What to do
- macOS users of affected OpenAI applications should update to the latest versions before June 12, 2026, to ensure protection against potential risks.
- Monitor for any unusual activity in internal source code repositories and rotate credentials as necessary.
- Stay informed about ongoing supply chain attacks and implement security measures to safeguard development environments.


