OpenAI
-
OpenAI says two employees were affected in TanStack supply chain attack
OpenAI said two employees were affected in the TanStack supply chain attack, and it rotated code-signing certificates as a precaution. The company said customer data and production systems were not impacted.
-
Fake OpenAI privacy filter repository hit top of Hugging Face trending list
A malicious Hugging Face repository impersonating OpenAI’s Privacy Filter model reached the platform’s trending list before being disabled. HiddenLayer said it delivered Windows infostealer malware and drew about 244,000 downloads in 18 hours.
-
OpenAI launches GPT-5.4-Cyber for defensive security work
OpenAI launched GPT-5.4-Cyber for defensive security work and expanded its Trusted Access for Cyber program to thousands of defenders. The company said the rollout is meant to improve safeguards while limiting misuse.
-
OpenAI revokes Mac app certificate after Axios supply chain incident
OpenAI said a GitHub Actions workflow used to sign its Mac apps downloaded a malicious Axios package on March 31. The company is revoking the certificate, but said it found no evidence of data or system compromise.
-
OpenAI patches ChatGPT data leak bug, researchers say
OpenAI patched a ChatGPT flaw on February 20, 2026, after researchers said a malicious prompt could leak chat messages, uploaded files and other sensitive data through a hidden DNS-based channel.
-
OpenAI notifies some API customers after Mixpanel analytics vendor hacked
OpenAI said some ChatGPT API customers had limited identifying information exposed after a smishing-driven compromise of analytics vendor Mixpanel; no chats, API requests, credentials or payment data were exposed and both companies have taken mitigation steps while investigations continue.
-
Microsoft finds SesameOp backdoor that uses OpenAI Assistants API for C2
Microsoft’s DART reported discovery of a custom .NET backdoor called SesameOp that uses the OpenAI Assistants API as a covert command-and-control channel; Microsoft shared its findings with OpenAI, which disabled a suspected API key, and the victim remains unnamed.
-
Meta launches new anti-scam tools for WhatsApp and Messenger
Meta introduced new scam-detection features for Messenger and warnings for WhatsApp to help users spot and avoid scams, said the company, and reported disabling nearly 8 million accounts linked to scam centers while removing more than 21,000 impersonating Pages and accounts.
-
North Korea-linked hackers used AI-generated fake military ID in espionage campaign, researchers say
Researchers say North Korea’s Kimsuky used a deepfaked image of a military ID generated with ChatGPT to launch a July spear-phishing campaign against a South Korean defense-related institution, highlighting AI-assisted espionage tactics and the ongoing challenges of AI misuse.
-
OpenAI Bans Accounts Used by Cybercriminals for Malicious AI-Assisted Activities
OpenAI has banned a series of ChatGPT accounts linked to malicious activities by Russian and Chinese cybercriminals, revealing the extent to which threat actors are leveraging AI technology for malware development and social media automation.
