OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident linked to the TanStack npm package, a widely used open-source JavaScript library. The issue stemmed from a supply-chain attack targeting the npm ecosystem, raising concerns across the cybersecurity and developer communities.
The company stated that after conducting an internal investigation, there were no signs that ChatGPT user information or internal systems were accessed through the compromised dependency. OpenAI emphasized that security teams acted quickly to assess potential risks and monitor affected environments after reports of the malicious package surfaced online.
Supply-chain attacks have become an increasing threat in the software industry because attackers exploit trusted third-party libraries to distribute malicious code. In this case, the compromised TanStack npm package reportedly contained unauthorized modifications designed to collect sensitive information from developers or applications using the infected version.
OpenAI reassured users that its infrastructure and customer data remained secure throughout the incident. The company also highlighted the importance of proactive monitoring, dependency verification, and rapid response procedures to reduce risks associated with open-source software vulnerabilities.
Cybersecurity experts warn that attacks targeting npm packages and other software repositories are becoming more sophisticated as threat actors look for indirect ways to infiltrate organizations. Developers are encouraged to regularly audit dependencies, use trusted package versions, enable multi-factor authentication, and implement automated security scanning tools to detect suspicious activity early.
The incident serves as another reminder of the growing importance of software supply-chain security in modern development environments. While OpenAI reported no evidence of unauthorized access or data exposure, the event highlights the broader risks organizations face when relying on third-party open-source tools and libraries.





