Tag
The article argues that GNU IFUNC and the design decisions linking OpenSSH to systemd, rather than the malicious code itself, were the primary enablers of the CVE-2024-3094 xz-utils backdoor.
A Roblox cheat infected a Context.ai employee with Lumma Stealer, which led to compromised OAuth credentials being used to breach Vercel's internal systems, exposing non-sensitive environment variables and highlighting risks of broad AI tool OAuth permissions.
OpenAI disclosed a security incident where the Axios developer tool was compromised as part of a broader supply chain attack, potentially exposing their macOS code signing certificate. OpenAI found no evidence of data compromise but is proactively revoking and rotating its certificate, requiring users to update their macOS applications.