TanStack
Coverage of TanStack in the Nexus archive.
- GitHub links repo breach to TanStack npm supply-chain attack
GitHub disclosed that hackers breached 3,800 internal repositories by exploiting a malicious version of the Nx Console VS Code extension, which was compromised during last week's TanStack npm supply-chain attack. The incident represents a significant security vulnerability in the software development supply chain.
- Grafana breach caused by missed token rotation after TanStack attack
The Grafana data breach occurred due to a missed token rotation after the TanStack npm supply-chain attack. A single GitHub workflow token was not rotated, leading to the breach. The incident highlights the importance of token rotation in preventing such attacks.
- TanStack weighs invitation-only pull requests after supply chain attack
The TanStack team is considering making pull requests invitation-only after a supply chain attack used malicious code from the Shai-Hulud worm. The attack poisoned a cache used across the entire repository and led to security measures being proposed. The team is weighing the benefits of increased security against potential deterrents to contributions.
- TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI experienced a supply chain attack via TanStack, impacting two employee devices, but no user data or production systems were compromised. The company quickly contained and investigated the malicious activity. No intellectual property was modified.
- OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
OpenAI was caught up in the TanStack npm supply chain compromise after employee devices were compromised, forcing the company to rotate signing certificates for several desktop products. The incident is part of a wider campaign targeting npm ecosystems and developer infrastructure. No customer data or production systems were compromised.
- OpenAI asks macOS users to update after TanStack npm supply chain attack
OpenAI is asking macOS users to update due to a supply chain attack impacting TanStack and other npm and PyPI packages tied to AI companies. The attack is part of an expanding campaign affecting several AI companies. Users are being warned to take action to protect themselves.
- OpenAI confirms security breach in TanStack supply chain attack
OpenAI experienced a security breach due to the TanStack supply chain attack, resulting in the compromise of two employees' devices and affecting hundreds of npm and PyPI packages. The company has rotated code-signing certificates as a precautionary measure. This incident highlights the potential risks associated with supply chain attacks.
- ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
A malware campaign known as 'mini Shai-Hulud' has compromised hundreds of open-source packages, embedding credential-stealing code into development tools downloaded millions of times a week. The attack targeted prominent software libraries and infected thousands of companies at once. Security researchers attribute the campaign to TeamPCP, a cloud-focused cybercriminal group.
- Cache-poisoning caper turns TanStack npm packages toxic
An attacker published 84 malicious versions of TanStack npm packages, leading to credential theft and disk wipe, as part of a wave of attacks across npm and PyPI. The attack was detected within 30 minutes by StepSecurity, triggering incident response and npm deprecation. GitHub has published a security advisory with recommended actions.
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
A new Shai-Hulud supply-chain campaign has compromised hundreds of packages on npm and PyPI, delivering credential-stealing malware targeting developers. The malicious packages include TanStack and Mistral. This campaign affects developers using these packages.
- Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
A worm from TeamPCP has infected hundreds of npm packages related to the TanStack ecosystem, posing a threat to the supply chain. The self-propagating worm is capable of stealing credentials. This incident highlights a significant security risk in the open-source community.
- Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP has compromised npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a Mini Shai-Hulud campaign. The affected packages include an obfuscated JavaScript file designed to profile execution. This compromise is part of a recent supply chain attack spree.
- TanStack NPM Packages Compromised
TanStack's NPM packages have been compromised, as reported in an issue on the TanStack router GitHub page, with discussions also taking place on a news thread. The compromise of these packages poses potential security risks for users. Details and comments can be found through provided URLs.
- TanStack Start Now Support React Server Components
TanStack has begun supporting React Server Components, a new feature in React. The announcement was shared via a blog post and discussed on Hacker News with 6 points and 1 comment.