
OpenAI Confirms Supply Chain Attack Involving Malicious TanStack Packages
OpenAI confirmed a supply chain attack involving malicious TanStack packages, which compromised two employee devices and exposed credential material stored in internal source code repositories. The attack was attributed to the TeamPCP hacking group, which exploited weaknesses in the package publishing process. No specific dates, CVE IDs, or additional technical details about the exploited vulnerabilities were disclosed. The incident resulted in the exposure of credentials, but no further unauthorized access or data breaches were mentioned. OpenAI acknowledged the compromise without providing details on the timeline or affected systems beyond the two devices.