OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack

OpenAI disclosed a supply-chain compromise in which malware from the Mini Shai-Hulud campaign, delivered via a popular npm package, infected two developer machines and exposed developer credentials and code-signing certificates for its macOS, iOS, and Windows apps; the company found no evidence of customer-data access, rotated certificates, engaged external forensics, and is urging macOS users to install specific updated app versions by June 12.