A supply chain attack targeting TanStack via the Mini Shai-Hulud malware compromised two OpenAI employee devices, exposing internal source code repositories and code-signing certificates for macOS, …
OpenAI has launched Daybreak, an AI-powered cybersecurity platform combining GPT-5.5 variants and Codex Security to automate vulnerability detection, threat modelling, and patch validation for …
A malicious Hugging Face repository impersonated OpenAI's legitimate Privacy Filter model, cloning its description verbatim to gain credibility and reach the platform's trending list with 244,000 …
The US Department of Defense has formalised agreements with seven major technology companies — including Google, Microsoft, OpenAI, and Amazon Web Services — to integrate AI into classified military …
OpenAI has introduced Advanced Account Security, an optional hardened authentication mode for ChatGPT and Codex users who face elevated risk of account takeover, including journalists, dissidents, and …
The UK's AI Security Institute has evaluated OpenAI's GPT-5.5 for offensive cybersecurity capabilities, finding it comparable to Anthropic's Claude Mythos model in identifying security …
A critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in BerriAI's LiteLLM AI gateway was actively exploited within 36 hours of public disclosure, targeting database tables storing …
A critical unauthenticated SQL injection vulnerability (CVE-2026-42208) in LiteLLM, a widely-used LLM proxy and SDK middleware, is being actively exploited to extract API keys, provider credentials, …
A new Python package, llm-openai-via-codex 0.1a0, explicitly 'hijacks' Codex CLI credentials to route API calls through an unofficial OpenAI endpoint, bypassing standard API billing and access …
Check Point Research disclosed a critical vulnerability in ChatGPT's code execution runtime that allows a single malicious prompt to establish a covert outbound exfiltration channel, bypassing …
A North Korean threat group (UNC1069) compromised the popular npm Axios library via a supply chain attack, injecting a backdoor (WAVESHAPER.V2) into two poisoned versions that were inadvertently …
OpenAI has expanded access to GPT-5.4-Cyber, a fine-tuned model designed for defensive cybersecurity applications, following Anthropic's reveal of its Mythos cybersecurity model. While framed as a …
CrowdStrike has announced a partnership with OpenAI's Threat Actor Collaboration (TAC) programme, positioning frontier AI models as defensive tools within the cybersecurity operations space. The …
OpenAI has launched GPT-5.4-Cyber, a cybersecurity-optimised model variant, alongside an expanded Trusted Access for Cyber (TAC) programme targeting authenticated defenders and security teams. While …
A single threat actor (IP 81.168.83.103) has been systematically scanning internet-facing systems since at least January 2026, specifically targeting credential files, API tokens, and configuration …