OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident linked to the TanStack npm package, a widely used open-source JavaScript library. The issue stemmed from a supply-chain attack targeting the npm ecosystem, raising concerns across the cybersecurity and developer communities.
The company stated that after conducting an internal investigation, there were no signs that ChatGPT user information or internal systems were accessed through the compromised dependency. OpenAI emphasized that security teams acted quickly to assess potential risks and monitor affected environments after reports of the malicious package surfaced online.
Supply-chain attacks have become an increasing threat in the software industry because attackers exploit trusted third-party libraries to distribute malicious code. In this case, the compromised TanStack npm package reportedly contained unauthorized modifications designed to collect sensitive information from developers or applications using the infected version.
OpenAI reassured users that its infrastructure and customer data remained secure throughout the incident. The company also highlighted the importance of proactive monitoring, dependency verification, and rapid response procedures to reduce risks associated with open-source software vulnerabilities.
Cybersecurity experts warn that attacks targeting npm packages and other software repositories are becoming more sophisticated as threat actors look for indirect ways to infiltrate organizations. Developers are encouraged to regularly audit dependencies, use trusted package versions, enable multi-factor authentication, and implement automated security scanning tools to detect suspicious activity early.
The incident serves as another reminder of the growing importance of software supply-chain security in modern development environments. While OpenAI reported no evidence of unauthorized access or data exposure, the event highlights the broader risks organizations face when relying on third-party open-source tools and libraries.





