TanStack

TanStack Supply Chain Attack Exploited GitHub Actions to Publish 84 Malicious npm Packages in Six Minutes

Coordinated breach weaponised OIDC tokens and CI/CD automation to compromise 42 packages with credential-harvesting payloads, exposing structural flaws in trusted publishing.

7 min read · 2 weeks ago

Breaking AI Technology

TeamPCP Compromises 170+ npm Packages in Coordinated AI Infrastructure Attack

Supply chain assault targets Mistral AI, TanStack, UiPath, and OpenSearch in first npm worm producing valid security provenance

8 min read · 2 weeks ago