OpenAI rotates macOS certs after Axios attack hit code-signing workflow

📅 13 April 2026 at 17:39 UTC📰 Bleeping ComputerView original source ↗

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

OpenAI has rotated potentially exposed macOS code-signing certificates after a malicious Axios package was executed in a GitHub Actions workflow, indicating a supply chain attack vulnerability.

⚙️Technical Details

Affected Systems

macOS

Attack Vectors

GitHub Actions workflow

💥Impact Assessment

Severity: c

Who Is at Risk

Users of affected macOS systems with potentially compromised code-signing certificates

🛡️Recommended Actions

1Update macOS system to the latest version

2Disable GitHub Actions workflows until verified for security

3Verify and update third-party software dependencies

📦Affected Products

macOS

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer ↗

← Back to feed