OpenAI said two employee devices in its corporate environment were compromised through the Mini Shai-Hulud supply-chain attack affecting TanStack and the npm ecosystem. The company said it found no evidence that user data, production systems or intellectual property were compromised or modified without authorization. The malware reached the devices through poisoned packages linked to TanStack, a set of tools used in web development. OpenAI said attackers tried to steal credentials from a limi...

Read the original article