OpenAI said employees were compromised in the TanStack npm supply chain incident, which may have exposed code signing certificates for iOS, macOS, and Windows. The company is rotating its certificates and urging users to update ChatGPT, Codex, and Atlas to avoid the risk of backdoored software.
Key points
- OpenAI was impacted again by a supply chain incident involving the npm ecosystem.
- Two employees were compromised after installing tainted npm packages.
- Code signing certificates for iOS, macOS, and Windows may have been exposed.
- OpenAI is rotating certificates to prevent backdoored ChatGPT or other apps from spreading.
- Users should update ChatGPT, Codex, and the Atlas browser to the latest versions.
Read More: https://securityonline.info/openai-chatgpt-codex-certificate-rotation-tanstack-incident/