OpenAI hit by cyberattack
Incident
Summary
Hide ▲
Show ▼
OpenAI confirmed two employees' devices were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of code-signing certificates. The company said customer data, production systems, and deployed software were not affected. The breach is tied to the Mini Shai-Hulud supply-chain campaign, and macOS users must update OpenAI desktop apps by June 12, 2026 to avoid launch or update issues.
Related Happenings
OpenAI ChatGPT Atlas BioShocking fix
Advisory/Mitigation
H score34
First: 01.07.2026 00:50
Last: 01.07.2026 00:50
Sources 1
About this happening:
OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...
OpenAI ChatGPT Atlas BioShocking fix
Advisory/MitigationAbout this happening: OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...
Poisoned Tenant OpenAI organization invite campaign
Campaign
H score35
First: 26.06.2026 20:49
Last: 26.06.2026 20:49
Sources 1
About this happening:
The **Poisoned Tenant** campaign is using fraudulent **OpenAI organizations** to lure targeted employees into shared **ChatGPT workspaces**, creating a risk of sensitive company d...
Poisoned Tenant OpenAI organization invite campaign
CampaignAbout this happening: The **Poisoned Tenant** campaign is using fraudulent **OpenAI organizations** to lure targeted employees into shared **ChatGPT workspaces**, creating a risk of sensitive company d...
OpenAI Codex codexui-android supply-chain token theft campaign
Campaign
H score48
First: 01.06.2026 12:31
Last: 01.06.2026 12:31
Sources 1
About this happening:
A **malicious supply-chain campaign** is stealing **OpenAI Codex authentication tokens** from developers through the **codexui-android** npm package and mirrored Android apps, cre...
OpenAI Codex codexui-android supply-chain token theft campaign
CampaignAbout this happening: A **malicious supply-chain campaign** is stealing **OpenAI Codex authentication tokens** from developers through the **codexui-android** npm package and mirrored Android apps, cre...
TeamPCP campaign expands across multiple victims
Campaign
H score49
First: 15.05.2026 13:54
Last: 15.05.2026 13:54
Sources 1
How related:
The development comes close on the heels of TeamPCP claiming a number of fresh victims, compromising hundreds of packages associated with TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of an ongoing supply chain attack campaign designed to push malware to downstream developers and steal credentials from their systems to further extend the scale of the breaches.
About this happening:
The **TeamPCP / Mini Shai-Hulud** supply-chain operation is actively compromising **hundreds of packages**, exposing **downstream developers** to **malware delivery** and **creden...
TeamPCP campaign expands across multiple victims
CampaignHow related: The development comes close on the heels of TeamPCP claiming a number of fresh victims, compromising hundreds of packages associated with TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of an ongoing supply chain attack campaign designed to push malware to downstream developers and steal credentials from their systems to further extend the scale of the breaches.
About this happening: The **TeamPCP / Mini Shai-Hulud** supply-chain operation is actively compromising **hundreds of packages**, exposing **downstream developers** to **malware delivery** and **creden...
Mistral AI hit by network compromise
Incident
H score36
First: 15.05.2026 01:50
Last: 15.05.2026 01:50
Sources 1
About this happening:
Mistral AI disclosed a **codebase management system compromise** tied to the **Mini Shai-Hulud** supply-chain attack, and the intrusion briefly contaminated some **SDK packages**....
Mistral AI hit by network compromise
IncidentAbout this happening: Mistral AI disclosed a **codebase management system compromise** tied to the **Mini Shai-Hulud** supply-chain attack, and the intrusion briefly contaminated some **SDK packages**....
Timeline
-
14.05.2026 22:07 2 articles · 1mo ago
OpenAI confirms employee device breach in Mini Shai-Hulud supply-chain compromise
Initial DisclosureOpenAI said two employees' devices were breached in the Mini Shai-Hulud/TanStack supply-chain compromise, with unauthorized access and credential-focused exfiltration seen in a limited subset of internal source code repositories. OpenAI said customer data, production systems, intellectual property, and deployed software were not affected, and it isolated affected systems and accounts, revoked sessions, rotated credentials across affected repositories, temporarily restricted deployment workflows, and began rotating code-signing certificates used for products on macOS, Windows, iOS, and Android.
Show sources
- OpenAI confirms security breach in TanStack supply chain attack — www.bleepingcomputer.com — 14.05.2026 22:07
- TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates — thehackernews.com — 15.05.2026 13:54