OpenAI suffers supply chain attack exposing signing certificates, macOS applications will be forced to update next month

ME News Report, May 15 (UTC+8), according to Beating Monitoring: OpenAI confirmed that its internal environment was hit by a malicious NPM package supply chain attack targeting TanStack, which infected two employees' devices. User data and core code were not affected, but the attackers stole access credentials for some internal code repositories, including the code signing certificates used for its iOS, macOS, and Windows products.

To prevent the stolen certificates from being used to distribute counterfeit applications, OpenAI announced a defensive certificate rotation and set a hard update deadline on macOS. All macOS users of the ChatGPT desktop app, Codex, or the Atlas browser must upgrade to the latest version before June 12, 2026. After that date the old certificates will be fully revoked, and macOS security mechanisms will block both the launch and fresh installation of outdated builds.

The attack happened to land during an internal security upgrade window at OpenAI. The company acknowledged that it had already been rolling out stricter package interception policies, but the two infected employee devices had not yet received the latest configuration, leaving a gap that the malicious components exploited.

On remediation, because macOS by default blocks applications forged with stolen certificates once those certificates are revoked, OpenAI chose to allow nearly a month of update buffer rather than revoke the certificates immediately and cut off large numbers of users on old versions. The iOS and Windows clients are currently unaffected, and user account passwords, API keys, and other core data have been confirmed secure. (Source: BlockBeats)
GasFeeGrump
· 7h ago
Can two infected devices steal the signing certificate? How well is the internal network isolation implemented?
AirdropCheck-InOfficer
· 7h ago
The security of the private key is a fortunate break in an otherwise unfortunate situation—otherwise, API keys would be flying around everywhere.
ShatteredGlaze
· 8h ago
Fortunately, the core data wasn't lost, or else the leak of OpenAI's model weights would have caused a disaster.
DrinkWaterBeforeTheMarket
· 10h ago
Internal credentials were stolen... How many systems will need to be checked afterward?
MirrorBallPeeking
· 11h ago
Code signing certificates are fair game; attackers have big ambitions.