The Lab · 2026-05-12 03:18:21 · Techmeme Echo RSS
A coordinated supply chain attack dubbed "Mini Shai-Hulud" has successfully infiltrated the npm registry, compromising multiple packages associated with TanStack, a widely-used suite of web development tools. Security researchers at Socket have identified the breach and are urging developers to immediately audit their ...
The Lab · 2026-05-12 04:48:18 · Hacker News
A sweeping npm supply chain attack has surfaced, targeting more than 170 packages with over 400 malicious versions published. The campaign stands out for a critical anomaly: investigators found no evidence that any maintainer accounts were compromised, raising sharp questions about how the malicious code entered the ec...
The Lab · 2026-05-12 16:48:26 · Mastodon:hachyderm.io:#infosec
A sophisticated supply chain attack has compromised TanStack and over 160 packages across the npm and PyPI ecosystems, security researchers at Orca Security report. The attack, characterized as a self-propagating worm, represents a significant escalation in software supply chain threats, targeting widely-used developer...
The Lab · 2026-05-12 21:18:23 · Mastodon:mastodon.social:#infosec
Security researchers at Wiz.io have identified a new wave of supply chain attacks targeting the TanStack ecosystem, with the threat actor tracked as "mini-shai-hulud" injecting malicious code into multiple npm packages. The attack follows a pattern consistent with sophisticated open-source supply chain intrusions, wher...
The Lab · 2026-05-13 00:18:27 · CyberScoop RSS
A sprawling supply-chain attack has embedded credential-stealing malware into hundreds of open-source software packages distributed through major registries, security researchers warned. The campaign, dubbed "mini Shai-Hulud," targets development tools with massive user bases, placing malicious code within reach of dev...
The Lab · 2026-05-14 17:48:23 · Techmeme Echo RSS
OpenAI has confirmed that two employee devices were compromised through a supply chain attack targeting TanStack, an open-source software library. The company stated that no user data or production systems were affected by the incident. The breach is part of a broader campaign in which hackers hijacked multiple open-so...
The Lab · 2026-05-14 23:48:33 · Browser The Record
OpenAI is requiring all macOS users to update their applications by June 12 or risk losing access to updates and support, after a supply chain attack corrupted the signing keys used to verify the legitimacy of the company's software. The move comes as security researchers track an expanding campaign that compromised Ta...