Tag

Supply Chain Attack

Stories with this tag. Sections and all tags live in the Topics menu; for full-text use search.

Co-occur with these stories — for navigation and internal links.

Grafana breach caused by missed token rotation after TanStack attack

Grafana Labs disclosed a data breach from an unrotated GitHub token after the TanStack npm attack, exposing internal repositories and business contacts but no customer systems.
May 20, 2026
Grafana data breach TanStack npm supply chain attack GitHub tokens
OpenAI confirms breach tied to TanStack supply chain attack

OpenAI confirms two employee devices breached in the Mini Shai-Hulud supply-chain campaign; code-signing certs exposed, macOS users must update by June 12, 2026.
May 14, 2026
supply-chain attack OpenAI TanStack Mini Shai-Hulud npm PyPI software security
Bitwarden CLI npm package compromised to steal developer credentials

Bitwarden CLI npm package compromised, exposing developer secrets; users must rotate credentials.
April 23, 2026
security supply-chain-attack npm bitwarden developer-tools credential-theft
Backdoors Found in Dozens of WordPress Plugins Affecting Thousands of Websites

Malicious backdoors discovered in popular WordPress plugins affect 20,000+ websites, highlighting supply chain security risks.
April 14, 2026
cybersecurity WordPress backdoor supply chain attack open-source security
OpenAI rotates macOS certs after Axios attack hit code-signing workflow

OpenAI rotates macOS certificates after compromised Axios package in GitHub Actions workflow; users must update apps by May 8, 2026.
April 14, 2026
OpenAI macOS security supply chain attack Axios code signing

Related tags