OpenAI caught in TanStack npm supply chain chaos after employee devices compromised


OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products.

The company disclosed this week that it had been caught up in the wider “Mini Shai-Hulud” campaign targeting npm ecosystems and developer infrastructure, though it said there was no evidence that customer data, production systems, or deployed software were compromised.

Source: The Register News

