OpenAI Devices Hacked, Ozempic Supplier Offline & Change Healthcare Lawsuit


A poisoned software package compromised OpenAI employee devices before security teams could stop it. The company behind critical Ozempic injection components has been offline for weeks after a ransomware attack. And Change Healthcare is now facing another major lawsuit tied to the 2024 breach that crippled healthcare payments nationwide.

Three stories. One message: Your business is now exposed to companies you don’t control.

On this episode of Security Squawk, Bryan Hornung, Randy Bryan, and Reginald Andre break down three cyber incidents that reveal how third-party trust has become one of the biggest operational risks in business today.

This Week’s Cybersecurity Breakdown

1. OpenAI, TanStack & the npm Supply Chain Worm

A software supply chain attack spread through trusted developer ecosystems at massive speed:

- 42 npm packages poisoned in six minutes
- Malware stole GitHub tokens, AWS credentials, and CI/CD secrets
- OpenAI confirmed two employee devices were compromised
- ChatGPT Desktop, Codex App, Codex CLI, and Atlas certificates rotated
- Demonstrates how modern attacks now spread through trusted development infrastructure

2. West Pharmaceutical Ransomware Attack

A cyberattack against a company most people have never heard of — but nearly everyone depends on:

- West Pharmaceutical components are used in roughly 43 billion injectable drug deliveries annually
- Includes Ozempic, Wegovy, insulin pens, vaccines, and hospital injectables
- Systems taken offline globally after ransomware deployment
- Manufacturing disruptions continue weeks later

3. Allied World v. Change Healthcare — The Financial Fallout Begins

The legal consequences of the Change Healthcare breach are escalating:

- Cyber insurer Allied World filed suit seeking more than $1 million in damages
- Avesis operations were disrupted for roughly 90 days
- Root cause traced to a low-level Citrix account with no MFA
- Credentials were reportedly circulating on Telegram prior to the breach

The Bottom Line

The modern business attack surface is no longer just your company. It’s:

- your software vendors
- your healthcare clearinghouses
- your package repositories
- your pharmaceutical suppliers

Every trusted relationship is now a potential point of failure. And when those companies get breached, your business absorbs the consequences.

Support the show: buymeacoffee.com/securitysquawk

Subscribe for weekly breakdowns of ransomware, supply chain attacks, AI threats, and executive-level cybersecurity strategy.
