OpenAI Rotates macOS Certs After Supply Chain Attack on Axios Package

OpenAI is taking a proactive stance, rotating its macOS code-signing certificates following a supply chain attack. According to Cyber Threat Intelligence, a malicious version of the Axios package (v1.14.1) was inadvertently downloaded and executed via a GitHub Actions workflow on March 31, 2026. This compromised package had access to OpenAI’s code-signing certificates, which are crucial for verifying the authenticity of its macOS applications like ChatGPT Desktop and Codex.

While OpenAI’s internal investigation, aided by a third-party incident response firm, found no direct evidence that the signing certificates were actually compromised or misused, the company is treating them as potentially exposed. This is a sensible precaution given the sensitive nature of code-signing keys. As a result, all affected OpenAI macOS applications will require users to update to newer versions signed with the freshly rotated certificates. Older versions may cease to function by May 8, 2026.

What This Means For You

  • If your organization uses OpenAI's macOS applications (ChatGPT Desktop, Codex, Atlas), ensure all users update to the latest versions immediately to avoid functionality loss and potential downstream security risks from unpatched software.
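
A check for the package version named above, as an added example (not code from OpenAI or from the article): it walks a parsed npm lockfile and lists every install path that resolves `axios` to 1.14.1. The `findFlagged` name, the sample lockfiles and every other name and version in them are constructed for illustration.

```javascript
// Added example: flag lockfile entries that resolve to the Axios version
// the article reports as malicious (1.14.1).
const FLAGGED = { name: "axios", version: "1.14.1" }; // version from the article

// Return every install path in a JSON-parsed npm lockfile that resolves
// flagged.name to flagged.version.
function findFlagged(lock, flagged = FLAGGED) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  // An aliased install carries the real package name in meta.name.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || path.split("node_modules/").pop();
    if (name === flagged.name && meta.version === flagged.version) {
      hits.push(path);
    }
  }
  if (lock.packages) return hits; // v2 repeats the same data under "dependencies"

  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}node_modules/${name}`;
      if (name === flagged.name && meta.version === flagged.version) hits.push(here);
      walk(meta.dependencies, `${here}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "ci-tooling", version: "0.0.0" },
    "node_modules/axios": { version: "1.13.0" },
    "node_modules/http-helper/node_modules/axios": { version: "1.14.1" },
    "node_modules/net-client": { name: "axios", version: "1.14.1" }, // npm alias
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "http-helper": { version: "2.0.0", dependencies: { axios: { version: "1.14.1" } } },
    axios: { version: "1.13.0" },
  },
};
console.log(findFlagged(sampleV3), findFlagged(sampleV1));
```

To run it against a real project, pass in the result of `JSON.parse` on the contents of `package-lock.json`. The top-level `axios` entry in each sample is clean, so the hits show why transitive and aliased installs have to be checked as well.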
