Morning Overview on MSN

The TanStack supply chain attack poisoned 160 npm and PyPI packages — reaching OpenAI ...

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source ...
winbuzzer.com

OpenAI Confirms TanStack Breach Stole Repo Credentials

A poisoned open-source dependency let attackers breach two OpenAI employee devices and steal credentials from a limited set of its internal source code repositories, OpenAI confirmed in a May 14, 2026 ...