{"data":{"id":"56376613-46fb-4337-b4c5-19f22bf336e1","title":"OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident","summary":"OpenAI discovered that a GitHub Actions workflow (automated processes that run in code repositories) used to sign its macOS apps downloaded a malicious version of the Axios library on March 31, which contained a backdoor called WAVESHAPER.V2. Although OpenAI found no evidence that user data or systems were compromised, the company is treating its signing certificate as compromised and revoking it, which will cause older versions of its macOS apps to stop receiving updates and support after May 8, 2026.","solution":"OpenAI is revoking and rotating the compromised certificate. Users must update to the following minimum versions by May 8, 2026, or their apps will be blocked by macOS security protections: ChatGPT Desktop 1.2026.071, Codex App 26.406.40811, Codex CLI 0.119.0, and Atlas 1.2026.84.2. OpenAI is also working with Apple to prevent any new software notarization (Apple's process for verifying legitimate apps) using the old certificate, so unauthorized code signed with it will be blocked by default by macOS security protections.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/04/openai-revokes-macos-app-certificate.html","publishedAt":"2026-04-13T06:50:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI","ChatGPT","Codex","Atlas","Axios","npm"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-13T06:50:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}