1sec.ai

Tag

#supply-chain

Every item tagged supply-chain, newest first.

2 items

other · May 13

Our response to the TanStack npm supply chain attack

OpenAI responded to the TanStack Mini Shai-Hulud npm supply chain attack by securing systems, updating signing certificates, and requiring macOS users to update OpenAI apps by June 12, 2026. The attack exploited a vulnerability in a third-party library. OpenAI took steps to protect against similar threats. You should assess your own dependencies for vulnerabilities.

Key takeaways
  • OpenAI secured systems and updated signing certificates post-attack.
  • macOS users must update OpenAI apps by June 12, 2026.
  • Attack exploited a third-party library vulnerability.

other · Apr 10

Our response to the Axios developer tool compromise

OpenAI rotated macOS code signing certificates and updated apps after an Axios supply chain attack. The incident did not compromise user data. OpenAI took steps to prevent similar attacks in the future. You should review your own certificate management and update procedures.

Key takeaways
  • No user data was compromised.
  • macOS code signing certificates were rotated.
  • Apps were updated to prevent future attacks.