





















OpenAI has identified a security issue involving a widely used third-party developer tool but says there is no evidence that user data was accessed or compromised.
The issue is linked to Axios, a popular developer library that was reportedly compromised on March 31 as part of a broader software supply chain attack. The attackers are believed to be associated with North Korean hacking groups, News.Az reports, citing Reuters.
According to OpenAI, the incident affected an internal automation process using GitHub Actions, which mistakenly downloaded and executed a malicious version of Axios. This workflow had access to sensitive signing tools used to verify the authenticity of OpenAI’s macOS applications.
Despite the breach in the development pipeline, OpenAI emphasized that:
The company added that its investigation suggests the attackers were likely unable to extract critical signing certificates, limiting the potential damage.
As a precaution, OpenAI is strengthening its security certifications and urging all macOS users to update their apps to the latest versions. This step is aimed at preventing any risk of fake or malicious versions of OpenAI software being distributed.
Affected apps include:
OpenAI also confirmed that passwords and API keys were not impacted.
Starting May 8, older versions of OpenAI’s macOS applications will:
The company traced the issue back to a misconfiguration in its GitHub Actions workflow, which has now been fixed.
This incident highlights the growing risk of supply chain attacks, where hackers target trusted third-party tools to infiltrate larger systems. Even major tech companies like OpenAI are not immune—but in this case, early detection prevented a wider breach.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。