OpenSearch in the Media
24 mentions across press, blogs, and newsletters
May 2026
OpenAI Confirms TanStack Breach Stole Repo Credentials
OpenAI has confirmed attackers breached two employee devices and
OpenAI confirms exposure in recent ‘Shai-Hulud’ supply-chain attack
OpenAI says a recent software supply-chain attack tied to the “Mini Shai-Hulud” malware campaign impacted two employee devices and exposed limited internal credentials, prompting the company to rotate code-signing certificates for its desktop applications. The company said it found no evidence th
OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack
Two employee devices at OpenAI were compromised in a sweeping software supply chain attack targeting TanStack npm, but the AI company confirmed no user data, production systems, or intellectual property were affected. On May 11, 2026 UTC, threat actors launched a campaign dubbed “Mini Shai-
OpenAI confirms security breach in TanStack supply chain attack
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. [...]
OpenAI says no user data exposed after TanStack npm supply chain attack hit employee devices
OpenAI confirmed that two employee devices were compromised, but found no evidence that user data, production systems, or intellectual property were accessed.
Mistral AI allegedly breached by Dune-loving criminals following TanStack supply chain hit, 450 repositories exposed
Mistral AI allegedly breached by Dune-lo
OpenAI says no user data was touched in the TanStack npm worm
Two corporate laptops, some credential material, and a forced macOS app update. The interesting part is how the malicious packages got published in the first place: not by a stolen npm password,
Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps
Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer workstations, the worm <a href="https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreadi
Mini Shai-Hulud Hits TanStack npm Packages
Mini Shai-Hulud compromises TanStack npm packages and spreads across PyPI
Cache-poisoning caper turns TanStack npm packages toxic
Six-minute supply chain blitz pushed 84 malicious versions with credential theft and disk-wiping code
Mini Shai Hulud strikes again hitting over 100 npm and PyPI packages including Mistral AI
Re-emerging supply chain attack hitting hundreds of packages with tens of millions of weekly downloads.
New ‘Shai-Hulud’ attack breached hundreds of npm and PyPI packages
A rapidly expanding supply-chain attack tied to the “Mini Shai-Hulud” malware campaign has compromised more than 400 package artifacts across npm, PyPI, and Composer repositories. The breached projects include widely used libraries from TanStack, Mistral AI, UiPath, OpenSearch, and Guardrails AI.
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. The post TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack appeared fi
AWS outage halts Coinbase trades
Coinbase trades halted; additional cooling capacity being brought online, says AWS
April 2026
OpenSearch 3.6 debuts with new observability stack
OpenSearch 3.6 lands as first LTS release with new observability stack, APM and agent tools for search, tracing and relevance tuning.
Three insights you might have missed from theCUBE’s coverage of KubeCon + CloudNativeCon EU
Modern infrastructure is being reshaped as artificial intelligence drives new levels of AI complexity across the stack. Kubernetes has moved into the center of AI-driven operations, but the shift is exposing a stubborn reality. Teams are still dealing with skill gaps, fragmented tooling and risin
Fake GitHub CI Update Steals Secrets and Tokens
An automated campaign abusing GitHub’s pull_request_target workflow trigger to steal CI/CD secrets at scale. The attacker, using the handle ezmtebo, fired off more than 475 malicious pull requests (PRs) in just 26 hours, impersonating routine CI configuration updates to trick maintainers. The cam
Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign
After hackerbot-claw, another AI-powered campaign exploiting pull_request_target confirms the threat is here to stay. We trace the attacker back to three weeks before anyone noticed.
The Document Foundation Just Expelled the Engineers Who Built LibreOffice — And the Fallout Could Reshape Open Source Governance
The Document Foundation expelled LibreOffice's most prolific developers over alleged conflicts of interest, triggering a governance crisis that could lead to a project fork and dest
March 2026
Amid AI platform chaos, OpenSearch cements itself as an infrastructure standard
The rise of agentic AI is forcing enterprises to rethink data infrastructure from the ground up. Instead of maintaining separate systems for observability, search and AI applications, organizations are now consolidating onto unified AI data infrastructure layers that can handle the speed and comp
OpenSearch named GigaOm leader in vector databases
OpenSearch named a Leader and Fast Mover in GigaOm's 2025 vector database radar, underscoring its growing role in AI search infrastructure.
Open-source complexity is rising — managed platforms may be the missing link
Open-source software has become the backbone of modern application infrastructure. From distributed databases to event streaming platforms, technologies such as Apache Cassandra, Apache Kafka and PostgreSQL increasingly power the digital services that organizations rely on every day. But as adopt
February 2026
OpenSearchCon Europe 2026 agenda puts AI & search in focus
OpenSearchCon Europe 2026 will spotlight AI-era search, observability and “sovereign AI” as it brings 50-plus open source sessions to Prague.
Elastic’s AI Inference Gambit: Why Wall Street Is Watching the Search Company’s Bold Play for Self-Managed Enterprise Customers
Elastic's new AI Inference Service in Elasticsearch 9.3 brings embedded inference and Jina.ai reranker models to self-managed customers, signaling a strategic push into enterprise A