OpenAI said a GitHub Actions workflow involved in signing Mac applications downloaded and executed a malicious version of ...

OpenAI rotated macOS code‑signing certificate after Axios supply chain breach Malicious Axios 1.14.1 pulled into app‑signing ...

OpenAI is one of many organizations affected by the recent Axios supply chain attack attributed to North Korean hackers.

Spread the loveIn a significant incident underscoring the vulnerabilities of software supply chains, OpenAI took decisive action by revoking its macOS signing certificate on March 31, 2026. This move ...

OpenAI is asking Mac users to update ChatGPT, Codex, Atlas, and Codex CLI after a security issue involving Axios and macOS ...

OpenAI said Friday that it found evidence that one of its internal tools downloaded a compromised update from a recently ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.

Abstract: Detecting front-end JavaScript libraries in web applications is essential for website profiling, vulnerability detection, and dependency management. However, bundlers like Webpack transpile ...

Add Decrypt as your preferred source to see more of our stories on Google. Attackers used fake GitHub accounts to tag developers, claiming they had won $5,000 in ...