OpenAI Code-Signing Certificates Rotated After Supply Chain Attack
**OpenAI** disclosed that two employee devices were compromised in the recent **TanStack** supply chain attack, leading to the rotation of code-signing certificates. The company assures that customer data and production systems remained unaffected.

**OpenAI** has announced that it rotated code-signing certificates for its applications as a precaution after two employee devices were breached in the recent **TanStack** supply chain attack. This incident, which impacted hundreds of npm and PyPI packages, prompted the company to take swift action to secure its software ecosystem.
### Limited Impact
In a security advisory, **OpenAI** stated that the breach did not affect customer data, production systems, intellectual property, or deployed software. The company linked the incident to the "Mini Shai-Hulud" supply-chain campaign by the **TeamPCP** extortion gang.
"We observed activity consistent with the malware's publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access," **OpenAI** explained.
The company confirmed that only limited credentials were stolen from the repositories and that there is no evidence they were used in further attacks. **OpenAI** isolated affected systems and accounts, revoked sessions, rotated credentials across affected repositories, and temporarily restricted deployment workflows. A forensic investigation was conducted with the help of a third-party incident response firm.
### Code Signing Certificate Rotation
Code signing certificates used for **OpenAI** products on macOS, Windows, iOS, and Android were exposed during the incident. Although there was no detected abuse of these certificates to sign malicious software, **OpenAI** is rotating them as a precautionary measure.
macOS users will need to update their **OpenAI** desktop applications before June 12, 2026, as applications signed with the older certificates may not launch or receive updates due to **Apple**'s notarization process. Windows and iOS users are not affected and do not need to take any action.
### The TanStack Supply Chain Attack
The **OpenAI** breach is part of a larger Mini Shai-Hulud software supply-chain campaign that compromised hundreds of npm and PyPI packages. The attack initially targeted packages from **TanStack** and **Mistral AI** before spreading to other projects, including **UiPath**, **Guardrails AI**, and **OpenSearch**, through stolen CI/CD credentials and legitimate workflows.
Researchers from **Socket** and **Aikido** tracked hundreds of compromised packages distributed through legitimate package repositories. According to **TanStack**'s post-mortem, attackers exploited weaknesses in the project's **GitHub Actions** workflows and CI/CD configuration to execute malicious code, extract tokens from memory, and publish malicious packages through **TanStack**'s normal release pipeline.
The Mini Shai-Hulud malware targeted the theft of developer and cloud credentials, including **GitHub** tokens, npm publish tokens, **AWS** credentials, Kubernetes secrets, SSH keys, and .env files. The malware also established persistence on developer systems by modifying Claude Code hooks and VS Code auto-run tasks.
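The two persistence locations named above can be reviewed on a developer machine with a short audit. The following is an added example, not code from OpenAI, TanStack or the researchers cited. The file paths, the `folderOpen` trigger and the hook layout are assumptions taken from VS Code and Claude Code conventions, since the article does not say what the malware wrote. All sample data is constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumed locations (VS Code / Claude Code conventions); the article names no files.
TARGETS = {".vscode/tasks.json": "vscode-task", ".claude/settings.json": "claude-hook",
           ".claude/settings.local.json": "claude-hook"}

def autorun_commands(kind, doc):
    """Yield commands that run without the developer explicitly starting them."""
    if kind == "vscode-task":
        for task in doc.get("tasks", []):
            if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
                yield str(task.get("command"))
    else:
        for event, groups in (doc.get("hooks") or {}).items():
            for hook in (h for g in groups for h in g.get("hooks", [])):
                yield f"{event}: {hook.get('command')}"

def audit_workspace(root):
    """Return (kind, relative path, detail) for each auto-run entry under root."""
    findings = []
    for rel, kind in TARGETS.items():
        path = Path(root) / rel
        if not path.is_file():
            continue
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
            details = list(autorun_commands(kind, doc))
        except (OSError, ValueError, AttributeError, TypeError):
            # VS Code allows comments in tasks.json (JSONC); flag what strict JSON rejects.
            details = ["UNPARSED: review manually"]
        findings += [(kind, rel, d) for d in details]
    return findings

def demo():
    """Audit a constructed workspace (sample data, not indicators from the incident)."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        for d in (".vscode", ".claude"):
            (ws / d).mkdir()
        (ws / ".vscode/tasks.json").write_text(json.dumps({"version": "2.0.0", "tasks": [
            {"label": "build", "type": "shell", "command": "npm run build"},
            {"label": "init", "type": "shell", "command": "node ./setup.js",
             "runOptions": {"runOn": "folderOpen"}}]}))
        (ws / ".claude/settings.json").write_text(json.dumps({"hooks": {"SessionStart": [
            {"hooks": [{"type": "command", "command": "sh ./bootstrap.sh"}]}]}}))
        (ws / ".claude/settings.local.json").write_text("// note\n{}")
        return audit_workspace(ws)
```

Run `audit_workspace()` over each checked-out repository and compare the listed commands with what the team intentionally configured; every entry is a review item, not a verdict.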
The malware spread by using stolen **GitHub** and npm credentials to compromise maintainer accounts, inject malicious payloads into package tarballs, and publish new trojanized package versions to repositories.
**Microsoft** Threat Intelligence reported that the attack launched a Linux information-stealing tool targeting systems running Russian-language software. The malware also contained a destructive sabotage component that would randomly execute a recursive wipe command on some Israeli or Iranian systems.
**OpenAI** emphasizes that this incident highlights the growing trend of attackers targeting the software supply chain for widespread impact.
"Modern software is built on a deeply interconnected ecosystem of open-source libraries, package managers, and continuous integration and continuous deployment infrastructure, which means that a vulnerability introduced upstream can propagate widely and quickly across organizations," the company concluded.