TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June 12, 2026.
How TeamPCP's Python Toolkit Survives a C2 Takedown: FIRESCALE, GitHub, and the Victim's Own Account
hunt.ioHunt.io analyzes the 13-file Python toolkit TeamPCP deploys after a supply chain compromise, documenting FIRESCALE, victim-hosted exfiltration, and infrastructure pivots that prior vendor reporting missed.