Skip to main content

Tag: tanstack

9 articles

Blurred computer screen surrounded by development materials in a bright, neutral workspace.

Grafana Breach Exposed by TanStack Supply Chain Attack

Grafana Labs revealed that a supply chain attack led to an unauthorized download of its codebase, exposing a vulnerability that allowed attackers to gain access to its GitHub repositories through a missed workflow token. The breach was detected on May 11, with the company swiftly rotating tokens, but unfortunately, one was overlooked.

Analyst 207
Developer workstation with laptop and terminal screens near npm package repository, indicating a software development…

Grafana Breach Exposes Missed Security Step After TanStack Attack

A single misstep in Grafana's security protocol allowed attackers to gain access to its GitHub repositories, following a supply-chain incident involving malicious TanStack packages. A missed GitHub workflow token proved to be the key that enabled the breach.

Analyst 207
Laptop screen displays GitHub repository page on a clean workspace surface.

Grafana GitHub Breach Exposes Source Code in TanStack npm Attack

Grafana Labs recently reported a security breach that exposed source code and internal data, but fortunately, there's no evidence that customer production systems were compromised. The breach, detected on May 11, was confined to the company's GitHub environment and involved both public and private source code and internal repositories.

Analyst 207
Developer workstation in shared office with laptop and large monitor displaying signs of GitHub Actions shared-cache…

Shai-Hulud worm infects another npm package

A copycat of the notorious Shai-Hulud worm has struck again, infecting another npm package by exploiting a GitHub Actions misconfiguration. This latest attack follows a similar pattern that recently prompted TanStack to rethink its approach to accepting outside code contributions.

Analyst 207
A laptop on a simple desk in a corporate office with a blurred background of cubicles and a hint of a coding workspace on…

TanStack Supply Chain Attack Targets OpenAI, Forces macOS Updates

OpenAI sprang into action after detecting a sneaky supply chain attack targeting TanStack, quickly investigating and containing the threat to protect its systems. The attack impacted just two employee devices, with limited internal code repositories and credential material compromised.

Analyst 207
Developer workstation with npm package management software on laptop screen, surrounded by clutter, with cityscape visible…

OpenAI Disrupted in TanStack npm Supply Chain Breach

Malicious packages have rocked the TanStack npm supply chain, with 84 tainted versions of 42 @tanstack/* packages published, drawing OpenAI into the crisis and prompting urgent action to secure its systems. The AI company has confirmed that attackers compromised two employee devices, stealing credentials and forcing a reset across multiple desktop products.

Analyst 207
Developer workstation with laptop, coding environment, notes, and coffee cups, with daylight and cityscape in background.

Malware Targets TanStack npm Packages in Supply Chain Attack

Malware attackers have infiltrated the TanStack npm packages, modifying 84 artifacts in a supply chain attack that could compromise major developer ecosystems. The malicious code, aimed at stealing credentials, was published across 42 packages on May 11, with some, like @tanstack/react-router, downloaded over 12 million times weekly.

Analyst 207
Laptop workstation with blank screen, surrounded by papers and notes in a neutral-colored room.

TanStack npm packages compromised in cache-poisoning attack

Malicious attackers have launched a lightning-fast cache-poisoning attack on TanStack npm packages, flooding the supply chain with 84 tainted versions loaded with credential theft and disk-wiping code. This six-minute blitz highlights the vulnerability of software supply chains to swift and devastating strikes.

Analyst 207
Dimly lit development workspace with laptop and empty GitHub repositories or terminal windows.

Shai Hulud Campaign Targets Developers with Malicious npm Packages

Malicious actors have unleashed a barrage of 84 tainted versions of popular software packages, cleverly disguising them with legitimate credentials to deceive developers. The Shai Hulud campaign, linked to the TeamPCP threat group, has been wreaking havoc on the software supply chain since September.

Analyst 207