OpenAI hit by cyberattack
Incident
Summary
Hide ▲
Show ▼
OpenAI confirmed two employees' devices were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of code-signing certificates. The company said customer data, production systems, and deployed software were not affected. The breach is tied to the Mini Shai-Hulud supply-chain campaign, and macOS users must update OpenAI desktop apps by June 12, 2026 to avoid launch or update issues.
Related Happenings
TeamPCP campaign expands across multiple victims
Campaign
First: 15.05.2026 13:54
Last: 15.05.2026 13:54
Sources 1
How related:
The development comes close on the heels of TeamPCP claiming a number of fresh victims, compromising hundreds of packages associated with TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of an ongoing supply chain attack campaign designed to push malware to downstream developers and steal credentials from their systems to further extend the scale of the breaches.
About this happening:
The **TeamPCP / Mini Shai-Hulud** supply-chain operation is actively compromising **hundreds of packages**, exposing **downstream developers** to **malware delivery** and **creden...
TeamPCP campaign expands across multiple victims
CampaignHow related: The development comes close on the heels of TeamPCP claiming a number of fresh victims, compromising hundreds of packages associated with TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of an ongoing supply chain attack campaign designed to push malware to downstream developers and steal credentials from their systems to further extend the scale of the breaches.
About this happening: The **TeamPCP / Mini Shai-Hulud** supply-chain operation is actively compromising **hundreds of packages**, exposing **downstream developers** to **malware delivery** and **creden...
Mistral AI hit by network compromise
Incident
First: 15.05.2026 01:50
Last: 15.05.2026 01:50
Sources 1
About this happening:
Mistral AI disclosed a **codebase management system compromise** tied to the **Mini Shai-Hulud** supply-chain attack, and the intrusion briefly contaminated some **SDK packages**....
Mistral AI hit by network compromise
IncidentAbout this happening: Mistral AI disclosed a **codebase management system compromise** tied to the **Mini Shai-Hulud** supply-chain attack, and the intrusion briefly contaminated some **SDK packages**....
Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw
Vulnerability
First: 14.05.2026 21:53
Last: 14.05.2026 21:53
Sources 1
About this happening:
**Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...
Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw
VulnerabilityAbout this happening: **Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...
Mini Shai-Hulud npm supply-chain malware wave
Malware Activity
First: 12.05.2026 14:07
Last: 12.05.2026 14:07
Sources 1
How related:
The Mini Shai-Hulud malware delivered in the campaign targeted the theft of developer and cloud credentials, including GitHub tokens, npm publish tokens, AWS credentials, Kubernetes secrets, SSH keys, and .env files.
About this happening:
The **Sha1-Hulud** npm supply-chain campaign is a fresh **second wave** of **Shai-Hulud**-style activity that has compromised **hundreds of npm packages**. The malware runs during...
Mini Shai-Hulud npm supply-chain malware wave
Malware ActivityHow related: The Mini Shai-Hulud malware delivered in the campaign targeted the theft of developer and cloud credentials, including GitHub tokens, npm publish tokens, AWS credentials, Kubernetes secrets, SSH keys, and .env files.
About this happening: The **Sha1-Hulud** npm supply-chain campaign is a fresh **second wave** of **Shai-Hulud**-style activity that has compromised **hundreds of npm packages**. The malware runs during...
Hugging Face shared-loader supply chain campaign
Campaign
First: 11.05.2026 10:05
Last: 11.05.2026 10:05
Sources 1
About this happening:
A **Hugging Face** repository cluster appears to be part of a **broader supply chain campaign** that used **shared loaders** to push a stealer through open-source model downloads....
Hugging Face shared-loader supply chain campaign
CampaignAbout this happening: A **Hugging Face** repository cluster appears to be part of a **broader supply chain campaign** that used **shared loaders** to push a stealer through open-source model downloads....
Timeline
-
14.05.2026 22:07 2 articles · 13d ago
OpenAI confirms employee device breach in Mini Shai-Hulud supply-chain compromise
Initial DisclosureOpenAI said two employees' devices were breached in the Mini Shai-Hulud/TanStack supply-chain compromise, with unauthorized access and credential-focused exfiltration seen in a limited subset of internal source code repositories. OpenAI said customer data, production systems, intellectual property, and deployed software were not affected, and it isolated affected systems and accounts, revoked sessions, rotated credentials across affected repositories, temporarily restricted deployment workflows, and began rotating code-signing certificates used for products on macOS, Windows, iOS, and Android.
Show sources
- OpenAI confirms security breach in TanStack supply chain attack — www.bleepingcomputer.com — 14.05.2026 22:07
- TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates — thehackernews.com — 15.05.2026 13:54