OpenAI rotates macOS code-signing certificates after supply-chain exposure
Security Tool/Service
Summary
OpenAI is rotating and revoking macOS code-signing certificates, forcing users of ChatGPT Desktop, Codex, Codex CLI, and Atlas to update so trust in signed apps is reset before older builds stop launching. The change matters because the affected certificate sat in a GitHub Actions workflow that executed a malicious Axios package, creating a possible path for abuse of OpenAI-signed macOS software. May 8, 2026 is the revocation date, and older app versions may stop working after that point.
Related Happenings
OpenAI hit by cyberattack
Incident
First: 14.05.2026 22:07
Last: 14.05.2026 22:07
Sources 1
About this happening:
OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026
Security Tool/Service
First: 28.04.2026 16:18
Last: 28.04.2026 16:18
Sources 1
About this happening:
**Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...
UNC1069 Axios npm supply-chain campaign targeting build pipelines
Campaign
First: 01.04.2026 10:44
Last: 01.04.2026 10:44
Sources 1
How related:
The Axios supply chain attack has been linked to North Korean threat actors tracked as UNC1069, who conducted a social engineering campaign against one of the project's maintainers.
About this happening:
The **Axios npm supply-chain compromise** has been tied to **UNC1069**, putting **npm consumers** and downstream **build pipelines** at risk from trojanized releases. Attackers se...
Latest development: 13.04.2026 20:39
OpenAI is revoking and rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a compromised Axios package version 1.14.1 during a March 31, 2026 supply-chain attack. The workflow had access to certificates used to sign ChatGPT Desktop, Codex, Codex CLI, and Atlas, and OpenAI says it found no evidence that user data, systems, intellectual property, or the signing certificate were compromised.
Claude Code trojanized HTTP client delivery via npm
Malware Activity
First: 01.04.2026 09:12
Last: 01.04.2026 09:12
Sources 1
About this happening:
The **npm** distribution path for **Claude Code** exposed some users to a **trojanized HTTP client**, creating a possible **cross-platform remote access trojan** delivery route. S...
Google Android developer verification rollout for sideloaded apps
Security Tool/Service
First: 31.03.2026 21:28
Last: 31.03.2026 21:28
Sources 1
About this happening:
Google is rolling out **Android developer verification** for apps distributed outside **Google Play**, tightening sideloading controls to make anonymous abuse harder. The first en...
Timeline
-
13.04.2026 20:39 1 article · 1mo ago
Compromised Axios package executes in OpenAI GitHub Actions workflow
Exploitation Observed
A legitimate GitHub Actions workflow downloaded and executed a compromised Axios package version 1.14.1 on March 31, 2026, and that workflow had access to code-signing certificates used to sign OpenAI's macOS apps, including ChatGPT Desktop, Codex, Codex CLI, and Atlas.
Sources:
- OpenAI rotates macOS certs after Axios attack hit code-signing workflow — www.bleepingcomputer.com — 13.04.2026 20:39
-
13.04.2026 20:39 1 article · 1mo ago
OpenAI warns of potentially exposed macOS signing certificates
Initial Disclosure
OpenAI said its investigation found no evidence that user data, systems, intellectual property, or software were altered, but it is treating the signing certificate as potentially compromised, revoking and rotating it, and requiring macOS users to update OpenAI apps to the latest versions.
Sources:
- OpenAI rotates macOS certs after Axios attack hit code-signing workflow — www.bleepingcomputer.com — 13.04.2026 20:39
-
13.04.2026 20:39 2 articles · 1mo ago
OpenAI revokes old macOS signing certificate on May 8, 2026
Mitigation Patch Update
OpenAI said the previous certificate will be fully revoked on May 8, 2026, after which macOS protections will block applications signed with it, and it is working with Apple to prevent future notarization with that certificate.
Sources:
- OpenAI rotates macOS certs after Axios attack hit code-signing workflow — www.bleepingcomputer.com — 13.04.2026 20:39