:

OPENAI ROTATES MACOS CERTS AFTER AXIOS SUPPLY CHAIN HIT

AI DESK1 MIN READ
MON, APR 13, 2026

■ AI-SUMMARIZED FROM 2 SOURCES ▸ TIMELINE

OpenAI is rotating potentially compromised macOS code-signing certificates following a supply chain attack that injected malicious code through a compromised Axios package into its GitHub Actions workflow.

The attack leveraged a malicious version of the Axios HTTP library to execute unauthorized code during OpenAI's build process. The compromised package was pulled into the company's CI/CD pipeline, potentially exposing code-signing credentials used to validate macOS applications. Code-signing certificates are critical security infrastructure—they authenticate software as legitimate and prevent tampering. If attackers obtained these credentials, they could sign malicious macOS applications that would appear trusted to users and systems. OpenAI's response involved rotating the affected certificates to prevent their continued misuse. The incident highlights persistent vulnerabilities in software supply chains, where attackers can compromise popular open-source dependencies to reach high-profile targets. The attack underscores the importance of hardening CI/CD security, including limiting credential access, monitoring dependency updates, and implementing strict code review practices. OpenAI has not disclosed whether any signed malicious code was distributed before the certificates were revoked.

■ SOURCES

Bleeping ComputerBloomberg Tech

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.

JUST NOWSecurity Desk

Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.

JUST NOWAI Desk

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

5H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

5H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.