OpenAI is responding to a supply chain attack that affected its signing keys and limited internal source code repositories, requiring macOS users to update their apps by June 12 to stay supported and protected. The broader campaign also hit TanStack, Mistral AI, LiteLLM, Mercor, and the European Commission, with TeamPCP linked to stolen code and credential-stealing malware. #OpenAI #TanStack #MistralAI #LiteLLM #Mercor #EuropeanCommission #TeamPCP
Keypoints
- OpenAIβs signing keys were impacted in a supply chain attack.
- MacOS users must update OpenAI apps by June 12 to keep support.
- The company found limited credential exfiltration from internal repositories.
- TanStackβs npm packages were compromised with credential-stealing malware.
- TeamPCP allegedly sold stolen code and targeted Mistral AI and other victims.
Read More: https://therecord.media/openai-asks-macos-users-to-update-tanstack-npm