Tag: tanstack
9 articles

Grafana Breach Exposed by TanStack Supply Chain Attack
Grafana Labs revealed that a supply chain attack led to an unauthorized download of its codebase, exposing a vulnerability that allowed attackers to gain access to its GitHub repositories through a missed workflow token. The breach was detected on May 11, with the company swiftly rotating tokens, but unfortunately, one was overlooked.

Grafana Breach Exposes Missed Security Step After TanStack Attack
A single misstep in Grafana's security protocol allowed attackers to gain access to its GitHub repositories, following a supply-chain incident involving malicious TanStack packages. A missed GitHub workflow token proved to be the key that enabled the breach.

Grafana GitHub Breach Exposes Source Code in TanStack npm Attack
Grafana Labs recently reported a security breach that exposed source code and internal data, but fortunately, there's no evidence that customer production systems were compromised. The breach, detected on May 11, was confined to the company's GitHub environment and involved both public and private source code and internal repositories.

Shai-Hulud worm infects another npm package
A copycat of the notorious Shai-Hulud worm has struck again, infecting another npm package by exploiting a GitHub Actions misconfiguration. This latest attack follows a similar pattern that recently prompted TanStack to rethink its approach to accepting outside code contributions.

TanStack Supply Chain Attack Targets OpenAI, Forces macOS Updates
OpenAI sprang into action after detecting a sneaky supply chain attack targeting TanStack, quickly investigating and containing the threat to protect its systems. The attack impacted just two employee devices, with limited internal code repositories and credential material compromised.

OpenAI Disrupted in TanStack npm Supply Chain Breach
Malicious packages have rocked the TanStack npm supply chain, with 84 tainted versions of 42 @tanstack/* packages published, drawing OpenAI into the crisis and prompting urgent action to secure its systems. The AI company has confirmed that attackers compromised two employee devices, stealing credentials and forcing a reset across multiple desktop products.

Malware Targets TanStack npm Packages in Supply Chain Attack
Malware attackers have infiltrated the TanStack npm packages, modifying 84 artifacts in a supply chain attack that could compromise major developer ecosystems. The malicious code, aimed at stealing credentials, was published across 42 packages on May 11, with some, like @tanstack/react-router, downloaded over 12 million times weekly.

TanStack npm packages compromised in cache-poisoning attack
Malicious attackers have launched a lightning-fast cache-poisoning attack on TanStack npm packages, flooding the supply chain with 84 tainted versions loaded with credential theft and disk-wiping code. This six-minute blitz highlights the vulnerability of software supply chains to swift and devastating strikes.

Shai Hulud Campaign Targets Developers with Malicious npm Packages
Malicious actors have unleashed a barrage of 84 tainted versions of popular software packages, cleverly disguising them with legitimate credentials to deceive developers. The Shai Hulud campaign, linked to the TeamPCP threat group, has been wreaking havoc on the software supply chain since September.