
"Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to protect our systems. We observed activity consistent with the malware's publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access."
"The artificial intelligence (AI) upstart said only limited credential material was successfully transferred from these code repositories, adding that no other information or code was impacted. Upon being alerted of the activity, OpenAI said it isolated impacted systems and identities, revoked user sessions, rotated all credentials across impacted repositories, temporarily restricted code-deployment workflows, and audited user and credential behavior."
"Since the impacted repositories included signing certificates for iOS, macOS, and Windows products, the company has taken the step of revoking the certificates and issuing new ones. As a result, macOS users of ChatGPT Desktop, Codex App, Codex CLI, and Atlas are required to update their apps to the latest versions. This helps prevent any risk, however unlikely, of someone attempting to distribute a fake app that appears to be from OpenAI."
"Users do not need to take any action for Windows and iOS apps. The certificates are scheduled to be revoked on June 12, 2026, after which new downloads and launches of apps signed with the previous certificate will be blocked by built-in macOS protections. Users are therefore advised to apply the updates before the cut-off date for optimal protection."
Two employee devices in a corporate environment were impacted through a supply-chain attack. Investigation found activity consistent with malware behavior, including unauthorized access and credential-focused exfiltration from a limited subset of internal source code repositories accessible to the impacted employees. Only limited credential material was transferred, and no other information or code was impacted. The response included isolating affected systems and identities, revoking user sessions, rotating credentials across impacted repositories, temporarily restricting code-deployment workflows, and auditing user and credential behavior. Because impacted repositories contained signing certificates for iOS, macOS, and Windows products, certificates were revoked and new ones issued. macOS users must update ChatGPT Desktop, Codex App, Codex CLI, and Atlas before June 12, 2026 to avoid blocked launches and downloads.
#supply-chain-attack #credential-exfiltration #code-signing-certificates #macos-app-updates #incident-response
Read at The Hacker News