1. The TanStack attack reached two OpenAI employee devices
The TeamPCP-orchestrated compromise of TanStack's npm packages didn't stop at open source. In May, it ended up exfiltrating internal source code credentials from two OpenAI employee devices – and forced a rotation of code-signing certificates that pushed every macOS ChatGPT Desktop user to update their app. No production systems were breached, but the message is clear: a single poisoned dependency now reaches all the way into the most well-resourced AI labs in the world.
Read what happened and how OpenAI responded →
2. Megalodon: 5,718 malicious commits to 5,561 repos in six hours
An automated attack codenamed megalodon used throwaway accounts and forged CI identities to backdoor more than five thousand GitHub repositories in a single afternoon. The payloads scraped AWS, GCP, and Azure credentials, SSH keys, and source secrets straight off CI/CD runners – and high-profile targets like Wiznet and Tiledesk unknowingly propagated the backdoor downstream into npm. If your CI workflows trust pushes and PRs by default, this one is required reading.
See how the megalodon campaign worked →
3. TeamPCP just open-sourced the Shai-Hulud worm – with a $1,000 bounty
In one of the more brazen developments we've ever covered, the group behind the TanStack compromise teamed up with Breached forum to run a supply chain attack competition. The Shai-Hulud worm is now open-sourced and hosted on the forum's CDN, with $1,000 in Monero going to participants who can prove they've used it to breach a target. Expect copycat campaigns. Lots of them.
Read the full breakdown →