OpenAI Employee Systems Breached Through TanStack Supply Chain Attack

OpenAI disclosed a supply chain breach affecting two employee devices via the TanStack attack, requiring macOS users to update ChatGPT Desktop and other apps before certificate revocation in June.

The Latest

Breaking News and Alerts

Critical Zero-Day in Cisco SD-WAN Controller Allows Full Admin Takeover

The flaw gives unauthenticated attackers full administrative control over enterprise SD-WAN infrastructure without any valid credentials.

Spotlight

Cybersecurity Profiles and Stories

Attackers Exploit Unpatched PraisonAI API Authentication Gap

Attackers began probing PraisonAI deployments within hours of the advisory, scanning for the exposed /agents and /chat endpoints on internet-connected instances.

Active Exploitation of PAN-OS Flaw Grants Attackers Root Access

Palo Alto Networks warns of active exploitation of a PAN-OS remote code execution vulnerability by state-sponsored actors, with patches expected in mid-May.

Massive Phishing Wave Uses Fake Code of Conduct Scare to Steal Credentials

Microsoft uncovered a credential theft campaign that used fake code-of-conduct violations to trick 35,000 users across 13,000 organizations in a three-day window.

New Linux Kernel Flaw Gives Attackers Root Access on Multiple Distributions

The Dirty Frag vulnerability exploits two separate kernel page cache write flaws to provide reliable root access without requiring race conditions or causing system crashes.

Features

Research and Thought Leadership