The incident, detailed in a case study by Ransom-ISAC, involved Kairos gaining access to a U.S. government entity's network, reportedly through a brute-force credential attack.
A security researcher, operating under the pseudonym "Srikanth L" and affiliated with CashlessConsumer, has alleged that the IDRBT's Domain Registration Portal, the exclusive registrar for India's .bank.in namespace, exposed over 33 unauthenticated API endpoints.
The campaign, dubbed "Poisoned Tenant" and discovered by Push Security, involves attackers creating fake OpenAI organizations using Gmail addresses but sending invitations from OpenAI's legitimate notification system.