Bleeping Computer

OpenAI confirms security breach in TanStack supply chain attack

OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for ...
Infosecurity-magazine.com

Mini Shai-Hulud Hits TanStack npm Packages

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain attack affecting developer ecosystems, including packages tied to UiPath, ...
Opinion
Morning Overview on MSNOpinion

OpenAI says the TanStack breach reached two employee devices but did not compromise user data or production systems

Two developer workstations inside OpenAI installed compromised versions of the popular open-source TanStack library after an attacker hijacked the project’s automated publishing pipeline, the company ...
heise online

Supply chain attack on TanStack: 42 packages compromised

Numerous TanStack packages on npm have suffered a supply chain attack, apparently as part of the “Mini Shai-Hulud” attack wave. The TanStack team announced that a supply chain attack on TanStack ...
Morning Overview on MSN

The GitHub break-in began on one developer’s laptop and a poisoned coding add-on — then spread to the keys guarding code inside thousands of companies

Sometime in early 2026, a software developer did what millions of programmers do every week: updated a dependency. The ...
heise online

React Deep Dive: TanStack Router and TanStack Query - Part 2

The detailed view of a task is characterized by two technical features. Firstly, the path to the route contains a variable placeholder that must be filled with a task ID at runtime (/task/1, /task/2 ...