OpenAI’s Mac apps needs an update thanks to the Axios hack | CyberScoop<\/title> <meta name=\"description\" content=\"The company said a developer tool automatically retrieved a malicious version of the popular open-source library, but insists the integrity of its systems and software were not impacted.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/openai-axios-supply-chain-attack\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"OpenAI's Mac apps needs an update thanks to the Axios hack\"> <meta property=\"og:description\" content=\"The company said a developer tool automatically retrieved a malicious version of the popular open-source library, but insists the integrity of its systems and software were not impacted.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/openai-axios-supply-chain-attack\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-04-13T20:24:37+00:00\"> <meta property=\"article:modified_time\" content=\"2026-04-13T20:24:40+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/openais-mac-apps-needs-an-update-thanks-to-the-axios-hack-2.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"683\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1774626878g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1775074092g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88573\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88573\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fopenai-axios-supply-chain-attack%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fopenai-axios-supply-chain-attack%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88573 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/openai-axios-supply-chain-attack\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.986754966887\">\n<div class=\"single-article__header-content\" readability=\"35.563926940639\">\n<p> The company said a developer tool automatically retrieved a malicious version of the popular open-source library, but insists the integrity of its systems and software were not impacted. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88573\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/openais-mac-apps-needs-an-update-thanks-to-the-axios-hack.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"OpenAI\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/openais-mac-apps-needs-an-update-thanks-to-the-axios-hack-2.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/openais-mac-apps-needs-an-update-thanks-to-the-axios-hack-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/openais-mac-apps-needs-an-update-thanks-to-the-axios-hack-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/openais-mac-apps-needs-an-update-thanks-to-the-axios-hack-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/openais-mac-apps-needs-an-update-thanks-to-the-axios-hack-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/openais-mac-apps-needs-an-update-thanks-to-the-axios-hack-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/openais-mac-apps-needs-an-update-thanks-to-the-axios-hack-2.jpg?resize=1012,675 1012w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"33.302429852473\"><body readability=\"68.588315217391\"><\/p>\n<p>OpenAI updated its security certificates and is requiring all macOS users to update to the latest versions after determining its products, along with many others, were <a href=\"https:\/\/openai.com\/index\/axios-developer-tool-compromise\/\">impacted by a widespread supply-chain<\/a> attack that briefly infected a popular open-source library in late March, the company said in a blog post Friday.<\/p>\n<p>The artificial intelligence vendor said it \u201cfound no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered.\u201d<\/p>\n<p>Yet, because a GitHub workflow the company uses to sign certificates for macOS applications downloaded and executed a malicious version of Axios, the company is treating the soon-to-be defunct certificate as compromised.<\/p>\n<p>A North Korean hacking group injected malware into two versions of Axios after it <a href=\"https:\/\/github.com\/axios\/axios\/issues\/10636\">compromised the lead maintainer\u2019s computer<\/a> via social engineering and took over his npm and GitHub accounts. Jason Saayman, the lead maintainer for Axios, said the malicious versions of the software were live for about three hours before removal. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Google Threat Intelligence Group, which tracks the threat group as UNC1069, said the impact of the attack was broad with <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/north-korea-threat-actor-targets-axios-npm-package\">ripple effects<\/a> potentially exposing other popular packages. The JavaScript libraries flow into dependent downstream software through more than 100 million and 83 million downloads weekly. <\/p>\n<p>The attack was discovered just weeks after a series of other open-source tools, including <a href=\"https:\/\/cyberscoop.com\/trivy-supply-chain-attack-aqua-downstream-extortion-fallout\/\">Trivy<\/a>, were compromised by UNC6780, also known as TeamPCP, resulting in aggressive extortion attempts. <\/p>\n<p>OpenAI insists the malware that infected Axios did not directly impact its certificate, which is designed to help customers confirm they are downloading legitimate software. <\/p>\n<p>\u201cThe signing certificate present in this workflow was likely not successfully exfiltrated by the malicious payload due to the timing of the payload execution, certificate injection into the job, sequencing of the job itself, and other mitigating factors,\u201d the company said in the blog post. \u201cNevertheless, out of an abundance of caution we are treating the certificate as compromised, and are revoking and rotating it.\u201d<\/p>\n<p>Older versions of OpenAI\u2019s macOS apps may lose functionality and will no longer be supported when the certificate is fully revoked May 8, the company said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>OpenAI, which hired a third-party digital forensics and incident response firm to aid its investigation and response, pinned the root cause of the security issue on a misconfiguration in its GitHub workflow. The company said it corrected that error and worked with Apple to ensure fraudulent apps posing as OpenAI cannot use the impacted certificate.<\/p>\n<p>The 30-day window is designed to minimize disruption for users, but OpenAI said it will speed up the revocation deadline if it identifies any malicious activity. The company did not immediately respond to a request for comment.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.498046875\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/openais-mac-apps-needs-an-update-thanks-to-the-axios-hack-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/openai-axios-supply-chain-attack\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenAI’s Mac apps needs an update thanks to the Axios<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,384,282,78,281,1073,3288,564,256,1813,1866,310,288],"tags":[236,388,286,86,285,1076,3290,565,262,1814,1868,311,294],"class_list":["post-8523","post","type-post","status-publish","format-standard","hentry","category-ai","category-artificial-intelligence-ai","category-cybercrime","category-cybersecurity","category-hacking","category-open-source","category-open-source-software","category-openai","category-research","category-supply-chain","category-supply-chain-attacks","category-technology","category-threats","tag-ai","tag-artificial-intelligence-ai","tag-cybercrime","tag-cybersecurity","tag-hacking","tag-open-source","tag-open-source-software","tag-openai","tag-research","tag-supply-chain","tag-supply-chain-attacks","tag-technology","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/artificial-intelligence-ai\/\" rel=\"category tag\">artificial intelligence (AI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hacking\/\" rel=\"category tag\">hacking<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source\/\" rel=\"category tag\">open source<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source-software\/\" rel=\"category tag\">open source software<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/openai\/\" rel=\"category tag\">OpenAI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/supply-chain\/\" rel=\"category tag\">supply chain<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/supply-chain-attacks\/\" rel=\"category tag\">supply chain attacks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8523"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8523\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8523,"date":"2026-04-13T15:24:37","date_gmt":"2026-04-13T20:24:37","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88573"},"modified":"2026-04-13T15:24:37","modified_gmt":"2026-04-13T20:24:37","slug":"openais-mac-apps-needs-an-update-thanks-to-the-axios-hack","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/04\/13\/openais-mac-apps-needs-an-update-thanks-to-the-axios-hack\/","title":{"rendered":"OpenAI\u2019s Mac apps needs an update thanks to the Axios hack"},"content":{"rendered":"