OpenAI

OpenAI was impacted by the TanStack supply chain attack, resulting in two employee devices being compromised and the exfiltration of credential material from internal source code repositories.

A malicious repository on Hugging Face, impersonating OpenAI's 'Privacy Filter' project, distributed information-stealing malware to Windows users by executing a PowerShell command that downloads and runs a Rust-based infostealer, which exfiltrates collected data to a command-and-control server.

Cisco researchers discovered that attackers can manipulate vision-language models (VLMs) by using pixel-level perturbations in images to embed malicious instructions, which are unreadable by humans but interpreted by AI, leading to potential data exfiltration or other unauthorized actions.