OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
""Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps. We found no evidence that OpenAI user data was accessed, that our systems or intellectual property were compromised, or that our software was altered.""
""Our analysis of the incident concluded that the signing certificate present in this workflow was likely not successfully exfiltrated by the malicious payload due to the timing of the payload execution, certificate injection into the job, sequencing of the job itself, and other mitigating factors.""
""As a result, older versions of all its macOS desktop apps will no longer receive updates or support starting May 8, 2026.""
OpenAI's GitHub Actions workflow downloaded a malicious version of the Axios library, but no user data or internal systems were compromised. The attack was attributed to a North Korean hacking group, which hijacked an npm account to publish poisoned versions of the package. OpenAI's analysis indicated that the signing certificate present in the workflow was likely not exfiltrated. Despite this, OpenAI is treating the certificate as compromised and will revoke it, so older macOS apps signed with it will lose updates and support after May 8, 2026.
Read at The Hacker News