OpenAI and others deal with fallout from TanStack supply-chain attack.

This bulletin summarizes several active cyber incidents: a TanStack npm supply‑chain compromise by the Shai‑Hulud worm (linked to TeamPCP) that spread to hundreds of packages and affected OpenAI employee devices, the public release of the worm’s source code, an anonymous researcher disclosing multiple Windows zero‑days (including a BitLocker bypass and privilege escalation), Microsoft’s advisory on a critical Exchange OWA zero‑day, a ransomware/data‑theft incident at Foxconn claimed by the Nitrogen gang, and Instructure’s negotiated response to a ShinyHunters extortion campaign; the report also notes proposed UK cyberlaw updates.