Breach Overview and Attack Vector
On May 11, 2026, threat actors from the TeamPCP extortion gang executed a supply chain attack dubbed “Mini Shai-Hulud” against TanStack, a popular open-source JavaScript library. By exploiting weaknesses in TanStack’s GitHub Actions and CI/CD pipeline, the attackers injected malicious code into legitimate package releases. These tampered packages appeared authentic to downstream consumers, including OpenAI.
OpenAI confirmed that two employee workstations ingested the compromised package before updated security controls were applied. The company engaged a third-party digital forensics and incident response firm to investigate. The analysis revealed credential-focused exfiltration activity across a limited set of internal source code repositories accessible to the two affected employees. Only minimal credential material was exfiltrated, and no customer data, intellectual property, or production systems were compromised.
Impact and Remediation
The impacted repositories contained code signing certificates for OpenAI applications across iOS, macOS, Windows, and Android platforms. While no evidence of certificate misuse was found, OpenAI is rotating all signing certificates as a precaution. The company isolated affected systems, revoked active user sessions, rotated credentials, temporarily restricted code deployment workflows, and coordinated with platform providers to block new notarizations using the old certificates.
Because the compromised repositories included macOS code signing certificates, all macOS users must update their OpenAI apps before June 12, 2026. Affected applications include ChatGPT Desktop (version 1.2026.125), Codex App (26.506.31421), Codex CLI (0.130.0), and Atlas (1.2026.119.1). After that date, Apple’s macOS security protections will block older versions.
Source: Cyber Security News
