
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

theregister·Carly Page·18 days ago

Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines

OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products.

The company disclosed this week that it had been caught up in the wider "Mini Shai-Hulud" campaign targeting npm ecosystems and developer infrastructure, though it said there was no evidence that customer data, production systems, or deployed software were compromised.

OpenAI said the incident happened during a phased rollout of new supply chain security controls introduced after a previous Axios-related incident. According to the company, the two compromised employee devices had not yet received updated package management protections that would have blocked the malicious dependency.…
