OpenAI rotates certificates after TanStack breach

// 1h agoSECURITY INCIDENT

OpenAI rotates certificates after TanStack breach

OpenAI is rotating code-signing certificates for its desktop applications following a supply chain attack on the TanStack ecosystem that compromised employee devices. macOS users must update ChatGPT and Codex by June 12, 2026, to ensure continued service and security.

// ANALYSIS

The "Mini Shai-Hulud" campaign highlights a critical vulnerability in modern CI/CD pipelines where SLSA attestations can be bypassed via build-environment hijacking.

–Attackers used "Pwn Request" exploits in GitHub Actions to poison TanStack release artifacts with valid signatures.
–While OpenAI's production systems remain secure, the exfiltration of signing keys from developer workstations posed a significant risk of malware spoofing.
–The hard June 12 deadline is dictated by macOS security policies, which will block execution for any application signed with the compromised, soon-to-be-revoked certificates.
–This incident underscores the need for more robust isolation of OIDC tokens and secrets within automated build workflows.

// TAGS

securityautomationdevtoolopenaitanstack

DISCOVERED

1h ago

2026-05-15

PUBLISHED

1h ago

2026-05-15

RELEVANCE

8/ 10

AUTHOR

The PrimeTime

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

LAUNCH32m ago

Obsidian Intelligence Layer enables agentic vault workflows

Eric Michaud's new Obsidian Intelligence Layer transforms static digital vaults into active AI operating systems. The system integrates real-time reporting, agentic execution loops, and visual dashboards to turn daily notes into actionable business intelligence.

SECURITY1h ago

Mini Shai-Hulud worm hits Guardrails AI

Guardrails AI version 0.10.1 was compromised in a sophisticated supply chain attack using hijacked OIDC tokens to bypass registry security. The malicious package exfiltrates cloud credentials and includes a destructive "dead-man's switch" that wipes user home directories if compromised tokens are revoked. This incident marks a significant escalation in autonomous worm-based threats targeting the AI developer ecosystem.

SECURITY1h ago

OpenSearch npm package hit by supply chain worm

The OpenSearch JavaScript client versions 3.5.3 through 3.8.0 were compromised in the sophisticated "Mini Shai-Hulud" supply chain attack. Orchestrated by the TeamPCP group, the worm hijacks legitimate GitHub Actions pipelines to steal OIDC tokens and includes a retaliatory wiper routine that destroys a developer's home directory if credentials are revoked.