Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

OpenAI is urging Mac users to update all apps after a supply chain security scare

(Dimitar Donovski / Unsplash)

By Cris Tolomia

OpenAI is requiring all macOS users to update their OpenAI apps after a supply chain attack compromised a third-party developer library and exposed certificates used to verify the authenticity of the company’s applications.

At the center of the breach was Axios, a JavaScript library with widespread adoption among developers. According to Forbes, tampered packages were uploaded to the npm registry on March 31, carrying remote access trojan malware. The window of exposure lasted roughly three hours before the packages were taken down. A targeted social engineering campaign gave the attacker a foothold on the lead maintainer’s machine; from there, npm account credentials were stolen and used to push the poisoned packages.

The attack is believed to be linked to North Korea.

Read more at Quartz

Click to listen highlighted text!