OpenAI Urges macOS Users to Update After TanStack Supply Chain Attack Hits Signing Keys
ID: 13e2fc4e-aeb0-5120-a306-5b822ba5a646
STIX ID: report--13e2fc4e-aeb0-5120-a306-5b822ba5a646
Feed Name: Security Boulevard
OpenAI urged macOS users to update apps after TeamPCP’s supply‑chain campaign compromised TanStack and other npm/PyPI packages and stole signing certificates, leading to credential exfiltration from two employee devices and limited repository exposure; Mistral AI and other organizations were also impacted. The attack used a self‑propagating infostealer that republishes infected packages, and the report recommends immediate macOS updates, credential rotation, auditing for compromised TanStack versions, and consolidating IoCs for hunting.
