Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products. The company disclosed this week that it had been caught up in the wider Mini Shai Hulud campaign targeting npm ecosystems and developer...
