OpenAI asks macOS users to update after TanStack npm supply chain attack

OpenAI, Mistral AI and parts of the open-source ecosystem were impacted by a supply-chain campaign that compromised TanStack and other npm/PyPI packages to distribute credential‑stealing malware which exfiltrated limited credentials, corrupted signing keys, and led to stolen internal repositories being offered for sale by the group TeamPCP; OpenAI has isolated affected systems, rotated credentials, revoked sessions, rotated certificates and required macOS users to update to new signed builds.