TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

OpenAI confirmed that two employee devices were compromised via the Mini Shai-Hulud supply chain attack on TanStack, leading to credential-focused exfiltration from a limited set of internal repositories, though no user data or intellectual property was accessed. The company revoked the signing certificates for its macOS apps, forcing updates to ChatGPT Desktop, Codex App, Codex CLI, and Atlas by June 12, 2026, to prevent the revoked certificate from being used to distribute fake apps.
OpenAI disclosed that two of its employee devices were impacted by the Mini Shai-Hulud supply chain attack targeting TanStack, though no user data, production systems, or intellectual property were compromised. The attack led to unauthorized access and credential-focused exfiltration from a limited subset of internal source code repositories accessible to the affected employees. OpenAI stated that only limited credential material was transferred and that it acted swiftly to isolate systems, revoke user sessions, rotate credentials, and restrict code-deployment workflows.

The incident prompted OpenAI to revoke signing certificates for its iOS, macOS, and Windows products. macOS users of ChatGPT Desktop, Codex App, Codex CLI, and Atlas must update to the latest versions by June 12, 2026; after that date, macOS protections will block apps signed with the previous certificate. Windows and iOS users are not required to take action.

This is the second time in two months that OpenAI has revoked macOS code-signing certificates. On March 31, a GitHub Actions workflow downloaded a malicious version of the Axios library, which had been compromised by the North Korean hacking group UNC1069. OpenAI emphasized the growing threat of attackers targeting shared software dependencies and development tooling.

TanStack separately confirmed that the breach did not involve phishing, password leaks, or token theft. Instead, the attackers exploited a flaw in the CI pipeline: the publish token was stolen via a compromised build cache. The attack aligns with TeamPCP's ongoing campaign against TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI to distribute malware and steal credentials.

OpenAI warned that modern software's reliance on interconnected ecosystems makes vulnerabilities in open-source libraries and package managers a widespread risk, and urged developers to remain vigilant against evolving supply chain threats.
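A practitioner who wants to confirm which certificate an installed macOS app currently carries, rather than trusting that the auto-updater ran, can inspect the bundle with `codesign`. The script below is an added example, not code from OpenAI or from the original article. It parses the output of `codesign -dv --verbose=4` (which codesign writes to stderr) for the leaf signing authority and Team ID, compares the Team ID against an expected value, and, where available, runs Gatekeeper's `spctl` assessment, which reports a revoked certificate as `CSSMERR_TP_CERT_REVOKED`. The embedded sample output is constructed so the parsing runs off a Mac; `Example Corp`, `com.example.app`, and the Team ID `ABCDE12345` are placeholders, and the real expected Team ID must come from OpenAI's own advisory, not from this script.

```shell
#!/bin/sh
# check_macos_signer.sh: report which certificate an installed macOS app is
# signed with, so you can tell whether it still carries a revoked one.
# Added example; Example Corp / com.example.app / ABCDE12345 are placeholders.

# Constructed sample of `codesign -dv --verbose=4` output, used when codesign
# is not available (e.g. when running this script on a non-macOS host).
SAMPLE_CODESIGN_OUTPUT='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=1 Jan 2026 at 00:00:00
TeamIdentifier=ABCDE12345
Runtime Version=14.0.0
Sealed Resources version=2 rules=13 files=40
Internal requirements count=1 size=200'

# Print the leaf signing certificate (the first Authority= line) from
# codesign output read on stdin.
leaf_authority() {
    sed -n 's/^Authority=//p' | head -n 1
}

# Print the TeamIdentifier value from codesign output read on stdin.
team_identifier() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# signer_matches OUTPUT EXPECTED_TEAM_ID: succeed only if OUTPUT carries a
# TeamIdentifier and it equals EXPECTED_TEAM_ID.
signer_matches() {
    actual=$(printf '%s\n' "$1" | team_identifier)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Obtain codesign output for an app bundle. codesign prints its description
# to stderr, hence the 2>&1. Falls back to the constructed sample off-Mac.
codesign_output() {
    if command -v codesign >/dev/null 2>&1; then
        codesign -dv --verbose=4 "$1" 2>&1
    else
        printf '%s\n' "$SAMPLE_CODESIGN_OUTPUT"
    fi
}

# check_app APP_PATH EXPECTED_TEAM_ID: print the leaf certificate, the Team ID,
# whether it matches, and the Gatekeeper verdict when spctl is available.
check_app() {
    out=$(codesign_output "$1")
    echo "Leaf certificate: $(printf '%s\n' "$out" | leaf_authority)"
    echo "Team ID:          $(printf '%s\n' "$out" | team_identifier)"
    if signer_matches "$out" "$2"; then
        echo "Team ID matches expected value $2"
    else
        echo "WARNING: Team ID does not match expected value $2"
    fi
    # Gatekeeper assessment: a signature made with a revoked certificate is
    # reported as rejected with CSSMERR_TP_CERT_REVOKED.
    if command -v spctl >/dev/null 2>&1; then
        spctl --assess --type execute -vv "$1" 2>&1 || true
    fi
}
```

Source the file and run `check_app /Applications/ChatGPT.app <expected Team ID>` on the Mac in question. The Team ID check catches a bundle signed by a different developer account; only the `spctl` verdict tells you whether the certificate in use has actually been revoked, since the Team ID is the same before and after a certificate rotation within one account.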
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.