OpenAI impacted by TanStack supply-chain attack.

ID: 2b775414-ea2f-511d-a932-dd5884a50611

STIX ID: report--2b775414-ea2f-511d-a932-dd5884a50611

Feed Name: The CyberWire

Threat Score: 88/100

Date Published: 2026-05-15

Date Updated: 2026-05-15

The report details three significant security issues: (1) a supply-chain attack in which the Shai-Hulud worm trojanized the TanStack npm library, impacting OpenAI employee devices and propagating to nearly 400 packages; (2) a subsequent public leak of the Shai-Hulud source code, increasing the risk of broader abuse; and (3) Microsoft's disclosure of a critical, unpatched Exchange OWA zero-day (CVE-2026-42897), with interim mitigations recommended.