OpenAI reassured users that there was no indication of a data breach involving its systems after a cyberattack linked to a North Korean group targeted the developer tool Axios. The company clarified that no user data, intellectual property, or software integrity was compromised. In response to the incident, which began on March 31, OpenAI is updating its security certificates, requiring all macOS users to upgrade to the latest app versions to prevent potential distribution of fake applications. The attack exploited a software supply chain vulnerability, affecting OpenAI’s GitHub Actions workflow used for macOS app-signing. OpenAI confirmed that although the signing certificate likely wasn’t exfiltrated, they are revoking it as a precaution. This incident underscores the increasing trend of cyberattacks targeting third-party vendors, emphasizing the need for enhanced security in supply chain relationships. For ongoing updates on cybersecurity and AI, join our daily AI Newsletter.
Source link
