top of page
ALL POSTS
OpenAI Targeted in TanStack npm Supply Chain Attack: What You Need to Know
Key Findings OpenAI confirmed that two employee devices were compromised in the TanStack supply chain attack, exposing limited credential material from internal source code repositories The TeamPCP hacking group distributed 84 malicious packages through the TanStack ecosystem using the Mini Shai-Hulud worm, which exploited GitHub Actions OIDC tokens and generated valid SLSA Level 3 attestations Code-signing certificates for iOS, macOS, Windows, and Android applications were e
May 163 min read
Hackers Exploit DigiCert to Issue Malware-Signing Certificates
Key Findings DigiCert's support team was compromised on April 2, 2026 when a staff member opened malware disguised as a screenshot in a help chat Attackers obtained initialization codes for EV Code Signing certificates, which function as bearer credentials for issuing valid certificates At least 60 certificates were revoked after hackers used stolen credentials to sign the Zhong Stealer malware A second compromised endpoint with a malfunctioning CrowdStrike sensor allowed att
May 103 min read
bottom of page
