OpenAI Got Hit Today. KongTuke Pivoted to Teams Today. Our Customers Were Defended Against Both Yesterday.
- Patrick Duggan
- a few seconds ago
- 5 min read
Two of today's biggest cybersecurity headlines share a specific shape worth naming. OpenAI was breached in the TanStack supply chain attack, with two employee devices compromised and the company forced to rotate code-signing certificates. Separately, the initial-access broker KongTuke pivoted to Microsoft Teams as its primary social-engineering vector, achieving persistent corporate network access in approximately five minutes. Both stories landed today. Both were preventable for any operator subscribed to the DugganUSA threat intelligence feed before today, and the receipts are explicit.
TanStack: We Indexed the Variant Sixteen Days Before OpenAI Got Hit
On April 29, 2026, sixteen days before the breach surfaced this morning, DugganUSA published "Mini Shai-Hulud Hit npm May 11. We Indexed The Variant April 29." The post named TanStack as one of the packages compromised in the Shai-Hulud V3 forged-SLSA-attestations campaign. A separate post, "Shai-Hulud V3 Forged SLSA Attestations for 416 Packages — TanStack, Mistral, Bit," documented the full 416-package scope of the attack including the specific TanStack packages with forged provenance attestations.
The receipt that matters for a security operator: anyone consuming our IOC feed since April 29 had TanStack flagged with sixteen days of lead time before today's breach. Sixteen days is enough time to revoke developer credentials, audit the package supply chain, remove the compromised versions from internal mirrors, and audit any employee device that had pulled the malicious package. Sixteen days is two sprint cycles. Sixteen days is the difference between a tabletop exercise and an incident.
The reason we caught TanStack and most commercial threat intelligence vendors did not is a matter of methodology, not luck. Our GitHub Hunt cron runs daily at 08:15 UTC, sweeping eighteen high-signal GitHub search queries with word-boundary bait regex and strong false-positive filters. The query set is tuned for the supply-chain attack shape — forked typosquats, sudden version bumps without changelog, obfuscated install scripts, SLSA-attestation anomalies. The Shai-Hulud V3 campaign was caught not because we knew Shai-Hulud V3 was coming but because the shape of the campaign matched the shape our hunt was already looking for.
KongTuke: The Infrastructure Was Already in the Feed
The Teams pivot is today's headline but the KongTuke actor profile is not new. Our iocs index contains 446 indicators tied to KongTuke operations, including the staging infrastructure they ride on top of — joseph-stalin.top, the 143.110.220.20:80 C2 endpoint, and related domains. When KongTuke pivoted from one social-engineering vector (older malspam) to another (Microsoft Teams) today, the underlying network infrastructure did not change. The C2 layer is the same C2 layer. The exfil destinations are the same exfil destinations.
A customer pulling our IOC feed into Cloudflare, OPNsense, or any firewall that consumes our public CSV blocklists already had the KongTuke C2 surface blocked before today's Teams pivot. The Teams message that an employee receives still has to phone home somewhere, and the somewhere is in our feed. The five-minute persistent-access window the headlines reference is the window from social-engineering acceptance to C2 callback. The C2 callback fails if the firewall already blocks the destination, and the entire intrusion chain breaks at that step.
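As an added illustration of the blocklist check described above (this is not the post's code or the DugganUSA feed's own tooling), the script below loads a constructed stand-in for the ips.csv and domains.csv blocklists and runs constructed egress log lines against it. The CSV column layout, the log-line format and every log line are assumptions; only the two indicators 143.110.220.20 and joseph-stalin.top come from the post. It also accepts CIDR entries and subdomains, which goes slightly beyond what the post spells out.

```python
import csv
import io
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-ins for the post's ips.csv and domains.csv blocklists. The
# column layout (indicator,type) is an assumption; the two indicator values
# 143.110.220.20 and joseph-stalin.top are the ones named in the post.
IPS_CSV = "indicator,type\n143.110.220.20,ipv4\n"
DOMAINS_CSV = "indicator,type\njoseph-stalin.top,domain\n"

def load_blocklist(ips_csv, domains_csv):
    """Parse both CSV texts into (list of ip networks, set of domains).
    Bare IPs become /32 networks so CIDR entries are handled the same way."""
    nets = [ipaddress.ip_network(r["indicator"].strip(), strict=False)
            for r in csv.DictReader(io.StringIO(ips_csv))]
    domains = {r["indicator"].strip().lower().rstrip(".")
               for r in csv.DictReader(io.StringIO(domains_csv))}
    return nets, domains

def destination_blocked(dst, nets, domains):
    """True if an egress destination (host:port or ip:port) is on the list.
    Domains match exactly or as a subdomain, never as a substring, so a
    lookalike such as joseph-stalin.top.example.net is not a hit."""
    host = (urlsplit("//" + dst).hostname or "").lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(host)
        return any(ip in net for net in nets)
    except ValueError:
        return any(host == d or host.endswith("." + d) for d in domains)

# Constructed egress log lines in the shape "<timestamp> <source> <destination>"
LOG_LINES = [
    "2026-05-15T09:01:02Z 10.0.4.17 143.110.220.20:80",
    "2026-05-15T09:01:05Z 10.0.4.17 cdn.joseph-stalin.top:443",
    "2026-05-15T09:01:09Z 10.0.4.17 joseph-stalin.top.example.net:443",
    "2026-05-15T09:02:11Z 10.0.4.22 login.microsoftonline.com:443",
]

def egress_verdicts(lines, nets, domains):
    """Return [(destination, blocked)] per log line; a blocked destination is
    the point where the C2 callback, and with it the intrusion chain, fails."""
    verdicts = []
    for line in lines:
        _ts, _src, dst = line.split()
        verdicts.append((dst, destination_blocked(dst, nets, domains)))
    return verdicts
```

Calling `egress_verdicts(LOG_LINES, *load_blocklist(IPS_CSV, DOMAINS_CSV))` flags the first two destinations and allows the lookalike domain and the legitimate one.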
This is the unglamorous form of threat intelligence value. Not zero-day discovery. Not novel-malware analysis. The boring continuous mapping of actor infrastructure so that when the actor changes vectors, the defense holds because it was anchored to the infrastructure underneath, not to the delivery layer on top.
The Methodology Behind the Lead Time
The sixteen-day lead on TanStack and the pre-existing KongTuke coverage are not the same thing. The TanStack catch is a discovery event — our pipeline identified the campaign before the targeted-vendor breach surfaced. The KongTuke coverage is a maintenance event — we have been mapping the actor's infrastructure continuously for months and the current Teams pivot does not change the underlying graph. Both modes of value exist inside the same threat intelligence pipeline. Most commercial vendors are good at one mode or the other. The DugganUSA architecture supports both because the substrate is shared.
The substrate, named explicitly: a 24.57-million-document semantically-indexed corpus running on three hundred eighty-four dollars per thirty days of Azure compute, with seven OSINT enrichment sources cached persistently across container restarts, hybrid bloom-filter-plus-semantic-plus-lexical query, and a STIX 2.1 feed serving two hundred seventy-five organizations in forty-six countries — including Microsoft, AT&T, and Starlink pulling daily. Today's headlines are not anomalies. They are the kind of event the architecture exists to surface ahead of the news cycle. The TanStack post on April 29 was not a lucky hit. It was a Tuesday.
What This Means for Operators Reading This
If you are a security operator and your organization was exposed to either of today's events — the TanStack supply chain compromise, the KongTuke Teams pivot — the post-incident question your leadership will ask is "did our threat intelligence vendor warn us?" The answer for customers consuming Recorded Future, CrowdStrike Falcon Intelligence, or Mandiant Advantage was almost certainly no on TanStack and partially yes on KongTuke, depending on which adversary profile they subscribed to. The answer for DugganUSA STIX feed consumers was yes on both, with sixteen days of lead time on the first and continuous coverage on the second.
The structural question this raises is whether you want a feed that delivers the actor profile twenty-four to forty-eight hours after the headline or a feed that delivers it sixteen days before. We charge less than one fortieth of the enterprise tier of the major incumbents. The Medusa Suite is eight thousand nine hundred ninety-five dollars per month. The starter tier is nine dollars per month. The free public CSV blocklists for IPs, hashes, domains, and URLs require no registration at all. The asymmetry between what we charge and what we surface is the entire pitch.
The Receipts Are Public
The TanStack-flagging blog post is at https://www.dugganusa.com/post/mini-shai-hulud-hit-npm-may-11-we-indexed-the-variant-april-29. The Shai-Hulud V3 416-package documentation is at https://www.dugganusa.com/post/shai-hulud-v3-forged-slsa-attestations-for-416-packages-tanstack-mistral-bit. The KongTuke indicators are queryable against our search endpoint at analytics.dugganusa.com/api/v1/search?q=KongTuke with a free API key. The STIX feed registration is thirty seconds at analytics.dugganusa.com/stix/register. The public CSV blocklists are at analytics.dugganusa.com/api/v1/stix-feed/ips.csv and the parallel hashes.csv, domains.csv, urls.csv paths — no auth, no email, no sales call.
If you are at OpenAI reading this and the post-mortem on today's breach includes a section on threat intelligence coverage, the question to ask is which vendor warned you about TanStack on April 29. If the answer is "nobody," the follow-up is whether the procurement renewal cycle should include a vendor whose archive shows the warning was available and the channel was free. We are not pitching here. We are pointing at the receipts, which were always public, which were available sixteen days before today.