Skip to content
The Nexus
DossierENTITY

TanStack

Coverage of TanStack in the Nexus archive.

Earliest in view: Apr 14 · 05:28 UTCMost recent: May 21 · 06:54 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 21 · 06:54 UTCBLEEPING COMPUTER
    GitHub links repo breach to TanStack npm supply-chain attack

    GitHub disclosed that hackers breached 3,800 internal repositories by exploiting a malicious version of the Nx Console VS Code extension, which was compromised during last week's TanStack npm supply-chain attack. The incident represents a significant security vulnerability in the software development supply chain.

  • SECURITYMay 20 · 15:46 UTCBLEEPING COMPUTER
    Grafana breach caused by missed token rotation after TanStack attack

    The Grafana data breach occurred due to a missed token rotation after the TanStack npm supply-chain attack. A single GitHub workflow token was not rotated, leading to the breach. The incident highlights the importance of token rotation in preventing such attacks.

  • SECURITYMay 18 · 14:15 UTCTHE REGISTER
    TanStack weighs invitation-only pull requests after supply chain attack

    The TanStack team is considering making pull requests invitation-only after a supply chain attack used malicious code from the Shai-Hulud worm. The attack poisoned a cache used across the entire repository and led to security measures being proposed. The team is weighing the benefits of increased security against potential deterrents to contributions.

  • SECURITYMay 15 · 10:54 UTCTHE HACKER NEWS
    TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

    OpenAI experienced a supply chain attack via TanStack, impacting two employee devices, but no user data or production systems were compromised. The company quickly contained and investigated the malicious activity. No intellectual property was modified.

  • SECURITYMay 15 · 10:08 UTCTHE REGISTER
    OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

    OpenAI was caught up in the TanStack npm supply chain compromise after employee devices were compromised, forcing the company to rotate signing certificates for several desktop products. The incident is part of a wider campaign targeting npm ecosystems and developer infrastructure. No customer data or production systems were compromised.

  • SECURITYMay 14 · 20:26 UTCRECORDED FUTURE NEWS
    OpenAI asks macOS users to update after TanStack npm supply chain attack

    OpenAI is asking macOS users to update due to a supply chain attack impacting TanStack and other npm and PyPI packages tied to AI companies. The attack is part of an expanding campaign affecting several AI companies. Users are being warned to take action to protect themselves.

  • SECURITYMay 14 · 19:07 UTCBLEEPING COMPUTER
    OpenAI confirms security breach in TanStack supply chain attack

    OpenAI experienced a security breach due to the TanStack supply chain attack, resulting in the compromise of two employees' devices and affecting hundreds of npm and PyPI packages. The company has rotated code-signing certificates as a precautionary measure. This incident highlights the potential risks associated with supply chain attacks.

  • SECURITYMay 12 · 21:38 UTCCYBERSCOOP
    ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack

    A malware campaign known as 'mini Shai-Hulud' has compromised hundreds of open-source packages, embedding credential-stealing code into development tools downloaded millions of times a week. The attack targeted prominent software libraries and infected thousands of companies at once. Security researchers attribute the campaign to TeamPCP, a cloud-focused cybercriminal group.

  • SECURITYMay 12 · 12:00 UTCTHE REGISTER
    Cache-poisoning caper turns TanStack npm packages toxic

    An attacker published 84 malicious versions of TanStack npm packages, leading to credential theft and disk wipe, as part of a wave of attacks across npm and PyPI. The attack was detected within 30 minutes by StepSecurity, triggering incident response and npm deprecation. GitHub has published a security advisory with recommended actions.

  • SECURITYMay 12 · 11:29 UTCBLEEPING COMPUTER
    Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

    A new Shai-Hulud supply-chain campaign has compromised hundreds of packages on npm and PyPI, delivering credential-stealing malware targeting developers. The malicious packages include TanStack and Mistral. This campaign affects developers using these packages.

  • SECURITYMay 12 · 11:07 UTCDARK READING
    Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

    A worm from TeamPCP has infected hundreds of npm packages related to the TanStack ecosystem, posing a threat to the supply chain. The self-propagating worm is capable of stealing credentials. This incident highlights a significant security risk in the open-source community.

  • SECURITYMay 12 · 08:50 UTCTHE HACKER NEWS
    Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

    TeamPCP has compromised npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a Mini Shai-Hulud campaign. The affected packages include an obfuscated JavaScript file designed to profile execution. This compromise is part of a recent supply chain attack spree.

  • SECURITYMay 11 · 21:08 UTCHACKER NEWS
    TanStack NPM Packages Compromised

    TanStack's NPM packages have been compromised, as reported in an issue on the TanStack router GitHub page, with discussions also taking place on a news thread. The compromise of these packages poses potential security risks for users. Details and comments can be found through provided URLs.

  • TECHNOLOGYApr 14 · 05:28 UTCHACKER NEWS
    TanStack Start Now Support React Server Components

    TanStack has begun supporting React Server Components, a new feature in React. The announcement was shared via a blog post and discussed on Hacker News with 6 points and 1 comment.