OpenAI rotates macOS certs after Axios attack hit code-signing workflow

Monday, April 13, 2026 at 05:39 PM UTC·Source: BleepingComputer

Updated: Monday, April 13, 2026 at 05:40 PM UTC

Executive Summary

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]

Analysis

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]

Source Attribution

Originally published by BleepingComputer on Apr 13, 2026.

Related Threats

MEDIUMSupply Chain

Mythos and the AI Vulnerability Storm: Exploring the Control Point

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/mythos-and-the-ai-vulnerability-storm" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/1-2025_Website-Assets/2025_blog_images/Blog-AI-Vulnerability-Storm.jpg" alt="Mythos and the AI Vulnerability Storm: Exploring the Control Point" class="hs-featured-image" style="width:auto !important;

Apr 16, 2026Sonatype (Maven/npm)

MEDIUMSupply Chain

When AI Writes Code, Who Governs the Dependencies?

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/when-ai-writes-code-who-governs-the-dependencies" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_fed_ai.png" alt="Image with a hexagon shape at center with the letters AI and a web icon" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15

Apr 16, 2026Sonatype (Maven/npm)

MEDIUMSupply Chain

Supply chain dependencies: Have you checked your blind spot?

Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?

Apr 16, 2026WeLiveSecurity (ESET)