Grafana says hackers compromised business contact information and downloaded its codebase as a result of the TanStack supply ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source ...

GitHub says the breach of roughly 3,800 internal repositories was tied to the wider TanStack npm supply-chain attack.

A popular developer of open source analytics software has revealed that a recent data breach and extortion incident was ...

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the ...

OpenAI has rotated code-signing certificates after code repositories containing them were compromised in the TanStack supply ...

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS ...

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on ...

Numerous TanStack packages on npm have suffered a supply chain attack, apparently as part of the “Mini Shai-Hulud” attack ...