OpenAI caught in TanStack npm supply chain chaos after employee devices compromised


OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products.

The company disclosed this week that it had been caught up in the wider “Mini Shai-Hulud” campaign targeting npm ecosystems and developer infrastructure, though it said there was no evidence that customer data, production systems, or deployed software were compromised.

Source: The Register News




Related:

  • How the EU Cyber Resilience Act Impacts Manufacturers

    December 12, 2023

    The European Union (EU) released their new Cyber Resilience Act which is claimed to be the first ever act put in place to ensure consumers are better protected by the manufacturers of both hardware and software products sold within the EU. This is a first since in the past the onus has been on the consumer ...

  • Roblox and Twitch provider Tipalti breached by ransomware

    December 5, 2023

    Accounting software provider Tipalti says it is investigating a claim by ransomware group ALPHV that they have gained access to Tipalti’s systems. Tipalti makes software for accounting and payment automation and has some big names among its customers. In what seems to be a typical supply chain attack, ALPHV aka BlackCat are now threatening some Tipalti ...

  • Hijackable Go Module Repositories

    December 4, 2023

    The Go module ecosystem is unique because it’s decentralized. Other packaging systems like PyPI or npm require developers to create accounts to upload their packages. This gives the package platform the ability to moderate users and content. That isn’t the case with Go. Go developers publish modules by pushing their code to source control platforms like ...

  • Guidelines for secure AI system development

    November 28, 2023

    AI systems have the potential to bring many benefits to society. However, for the opportunities of AI to be fully realised, it must be developed, deployed and operated in a secure and responsible way. AI systems are subject to novel security vulnerabilities that need to be considered alongside standard cyber security threats. When the pace of ...

  • Thousands of house purchases frozen by cyber attack

    November 25, 2023

    Thousands of home moves have been thrown into limbo following a cyber attack on an IT company used by property conveyancers. An outage at CTS has hit around 80 law firms, halting a series of property exchanges and completions across the country since Wednesday. Rob Hailstone, chief executive of Bold Legal Group, which runs a forum ...

  • Diamond Sleet supply chain compromise distributes a modified CyberLink installer

    November 22, 2023

    Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, ...