Tag

post-mortem

Oldest Newest URL A-Z URL Z-A Title A-Z Title Z-A Random
Postmortem: TanStack NPM supply-chain compromise
https://tanstack.com/blog/npm-supply-chain-compromise-postmortem

On 2026-05-11, an attacker chained a pull_request_target Pwn Request, GitHub Actions cache poisoning across the forkā†”base trust boundary, and OIDC token extraction from runner memory to publish 84 malicious versions across 42 @tanstack/* packages on npm. Full postmortem.

 
compromise cyber hackernews post-mortem security supply chain vulnerability
Added 1 week ago