Story coverage

OpenAI flags software supply chain scare

The incident could have allowed hackers to exfiltrate a certificate that could make phony OpenAI apps look legitimate.

North Korea's hijack of one of the web's most used open source projects was likely weeks in the making

North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer's computer in a long-running campaign.

Our response to the Axios developer tool compromise

We recently identified a security issue involving a third-party developer tool, Axios, that was part of a widely reported, broader industry incident. Out of an abundance of caution we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps. We found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered.

A hacker hijacked a popular coding tool to deliver malware.

A hacker took over an account belonging to the lead maintainer of the JavaScript library, Axios, which is used to handle HTTP requests, as reported by Cybernews. Security researchers found that versions 1.14.1 and 0.30.4 contained the script for a remote access trojan capable of giving hackers access to a user’s Windows, macOS, or Linux device.