OpenAI says no user data stolen after supply-chain hackers accessed employee devices

Livemint

For about a decade, Livemint—News Desk has been a credible source for authentic and timely news, and well-researched analysis on national news, business, personal finance, corporates, politics and geopolitics.

OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library. The incident has renewed concerns about the security of open-source software, as researchers warn that malicious npm packages can expose developer credentials.

[Image: OpenAI says no evidence of user data access after TanStack npm security issue (AP)]

OpenAI has said it found no evidence that user data was accessed following a security issue linked to a supply-chain attack involving the open-source TanStack npm library.

The company said in a security update published on its official website that the issue was part of a broader software supply-chain attack campaign known as “Mini Shai-Hulud”, which targeted open-source developer ecosystems including npm and PyPI.

What happened?

According to a postmortem published by TanStack on 11 May, attackers published 84 malicious versions across 42 @tanstack/* npm packages after exploiting weaknesses in GitHub Actions workflows and CI/CD cache systems.

Cybersecurity firm Snyk and security researchers cited in Tom's Hardware's reporting said the malicious packages were designed to steal credentials such as GitHub tokens, cloud API keys, npm credentials, and CI/CD secrets from infected systems.

The attack was part of a wider campaign affecting several developer ecosystems and software projects, including packages linked to Mistral AI, UiPath, and OpenSearch, according to security researchers and Reddit community discussions.

What did OpenAI say?

In its official response, OpenAI said two employee devices in its corporate environment were impacted by the attack. The company said it observed “unauthorised access and credential-focused exfiltration activity” involving a limited subset of internal source-code repositories accessible to those employees.

OpenAI said in a security update published on its official website that only limited credential material was successfully exfiltrated and that it found no evidence that customer data, production systems, intellectual property or software code were compromised.

The company added that it isolated impacted systems, revoked sessions, rotated credentials, and updated security certificates for some products as a precautionary measure.

Why does it matter?

The incident has renewed scrutiny of security risks in open-source software supply chains, particularly in ecosystems such as npm, which are widely used across the technology industry, following a series of recent attacks targeting popular JavaScript packages and developer tools, according to reports by Ars Technica and CSO Online.

Academic and industry studies have repeatedly warned about the growing risks posed by malicious npm packages and compromised maintainer accounts. A 2021 research paper titled “What are Weak Links in the npm Supply Chain?” by researchers from Microsoft, North Carolina State University and other institutions found that attackers could potentially hijack thousands of npm packages through weak maintainer-account protections and other vulnerabilities in the ecosystem.

Other academic studies on software supply-chain attacks have also documented increasing abuse of package managers such as npm and PyPI to distribute malware and compromise downstream users and enterprises, including the 2020 paper “Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks” and later studies examining malicious package detection across npm and PyPI ecosystems.
