OpenAI has reported a security issue linked to a popular developer library, Axios, which experienced a compromise on March 31, attributed to North Korean hackers. The incident involved an internal automation process that mistakenly executed a malicious version of Axios through GitHub Actions. However, OpenAI confirmed that user data remains secure, and no internal systems or intellectual property were compromised. Critical signing certificates were likely not extracted, preventing further damage. As a precautionary measure, OpenAI is enhancing its security protocols and advising macOS users to update applications, including ChatGPT Desktop and Codex, to avoid potential risks from malicious software. Notably, from May 8, older versions of these apps will stop receiving updates and support. This incident underscores the importance of securing software supply chains, emphasizing that even major companies like OpenAI can be targeted, though early detection can mitigate risks effectively.
