OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

Monday, April 13, 2026 at 06:50 AM UTC·Source: The Hacker News

Updated: Monday, April 13, 2026 at 07:59 AM UTC

Executive Summary

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI said in a post last week. "We found

Analysis

Source Attribution

Originally published by The Hacker News on Apr 13, 2026.

Related Threats

MEDIUMSupply Chain

Mythos and the AI Vulnerability Storm: Exploring the Control Point

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/mythos-and-the-ai-vulnerability-storm" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/1-2025_Website-Assets/2025_blog_images/Blog-AI-Vulnerability-Storm.jpg" alt="Mythos and the AI Vulnerability Storm: Exploring the Control Point" class="hs-featured-image" style="width:auto !important;

Apr 16, 2026Sonatype (Maven/npm)

MEDIUMSupply Chain

When AI Writes Code, Who Governs the Dependencies?

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/when-ai-writes-code-who-governs-the-dependencies" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_fed_ai.png" alt="Image with a hexagon shape at center with the letters AI and a web icon" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15

Apr 16, 2026Sonatype (Maven/npm)

MEDIUMSupply Chain

Supply chain dependencies: Have you checked your blind spot?

Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?

Apr 16, 2026WeLiveSecurity (ESET)