OpenAI Hit by TanStack Supply Chain Attack

OpenAI's security breach: TanStack attack exposed devices but no customer data. Update macOS apps by June 12, 2026, to ensure functionality.

By Content Team

May 15, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

OpenAI disclosed that two employee devices were infected during the May 11 TanStack supply chain attack by TeamPCP hackers. The attackers exploited weaknesses in package publishing to release 84 malicious artifacts across 42 packages, infecting devices with the Shai-Hulud worm.

Limited credential material was stolen from internal source code repositories, but no customer data or intellectual property was compromised. OpenAI rotated all affected credentials and revoked user sessions.

The company is revoking code-signing certificates for all platforms and re-signing applications. macOS users must update their OpenAI apps by June 12, 2026, or risk losing functionality. The incident occurred during OpenAI's security transition following a previous March attack.

Source: Security Week

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Hackers Actively Probing Citrix NetScaler Systems Before Major Attack Wave

Mar 30, 2026

Healthcare Recruitment Platform Hit by Major Cyber Attack Affecting Northern Ireland Health Trusts

Apr 11, 2026

Massive Supply Chain Attack on Trivy Tool Threatens Thousands of Organizations

Mar 25, 2026

Daemon Tools Supply Chain Attack Hits Thousands of Users

May 7, 2026