#code-signing-certificates

[ follow ]
#credential-exfiltration #supply-chain-attack #macos-security #npm-supply-chain-attack
Information security
fromTechRepublic
1 day ago

OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack

Mac users must update ChatGPT, Codex, and Atlas apps by June 12 after exposed code-signing certificates from an npm supply-chain attack.
#supply-chain-attack
Information security
fromThe Hacker News
1 day ago

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

Two employee devices were impacted by a supply-chain attack, but no user data, production systems, or intellectual property were compromised or modified.
Information security
fromSecurityWeek
1 day ago

OpenAI Hit by TanStack Supply Chain Attack

Credential material was exfiltrated from internal repositories after a TanStack supply-chain attack, leading to credential rotation, session revocation, and app re-signing.
Information security
fromThe Hacker News
1 day ago

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

Two employee devices were impacted by a supply-chain attack, but no user data, production systems, or intellectual property were compromised or modified.
Information security
fromSecurityWeek
1 day ago

OpenAI Hit by TanStack Supply Chain Attack

Credential material was exfiltrated from internal repositories after a TanStack supply-chain attack, leading to credential rotation, session revocation, and app re-signing.
more#supply-chain-attack
Information security
fromtheregister
1 day ago

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

Attackers exfiltrated limited internal credentials from two employee devices, prompting OpenAI to rotate signing certificates and require software updates.
fromIT Pro
6 months ago

A notorious ransomware group is spreading fake Microsoft Teams ads to snare victims

The current infection chain is built on a highly successful malvertising model. Threat actors buy Bing search engine advertisements to direct users to convincing-looking, but malicious landing pages," said Aaron Walton, threat intelligence analyst at Expel. "These search engine ads put links to the download right in front of potential victims. The most recent campaigns push ads for Microsoft Teams and impersonate the download pages. However, they've also cycled through other popular software such as PuTTy and Zoom.
Information security
[ Load more ]