Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

A threat actor tracked as TeamPCP compromised over 170 npm and PyPI packages — including TanStack, Mistral AI, UiPath, Guardrails AI, and OpenSearch — via stolen CI/CD credentials, reaching two OpenAI developer endpoints and exposing code-signing certificates for OpenAI’s macOS, Windows, iOS, and Android desktop applications. Any organization consuming the affected packages faces potential credential theft and build artifact contamination. OpenAI has set a hard deadline of 2026-06-12 for macOS users to update before certificate validation failures cause application failures.

Author

Tech Jacks Solutions