GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. OpenAI has disclosed the impact of the recent TanStack supply chain attack, ...
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for ...
Two corporate laptops, some credential material, and a forced macOS app update. The interesting part is how the malicious packages got published in the first place: not by a stolen npm password, but ...
OpenAI responds to TanStack npm supply chain attack, outlines macOS app update deadline, and details new security measures. OpenAI has disclosed its response to the TanStack npm supply chain attack, a ...
A founder's honest review after rebuilding Citegrove, Drazel, and Postloom on TanStack Start. I deleted Next.js from production three months ago. Not because it's bad. Next.js is excellent. I shipped ...
A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain attack affecting developer ecosystems, including packages tied to UiPath, ...
The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The ...
Over 170 packages across multiple high-profile NPM and PyPI projects were compromised in a new, coordinated Mini Shai-Hulud software supply chain attack. The campaign hit 42 TanStack packages, 65 ...
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as ...
NEXT Insurance has unveiled a new brand identity as ERGO NEXT Insurance, marking the company's integration with ERGO, the primary insurance company of Munich Re. The updated identity follows Munich Re ...
Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert. Developers using the React 19 library for building application interfaces are ...