Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
The Future of Encryption: Top Post-Quantum Cryptography Solutions for 2026
July 3, 2026
Alibaba Bans Internal Use of Claude AI Over Backdoor Concerns
July 3, 2026
Apache ActiveMQ Critical Vulnerabilities Allow DoS Attacks, System Crashes
July 3, 2026
Home/CyberSecurity News/OpenAI Warns macOS Users to Update ChatGPT and Codex Immediately
CyberSecurity News

OpenAI Warns macOS Users to Update ChatGPT and Codex Immediately

Key Takeaways OpenAI experienced a security incident stemming from a wider software supply chain attack targeting the Axios JavaScript library. The attack, attributed to North Korean threat actors,...

Marcus Rodriguez
Marcus Rodriguez
April 11, 2026 4 Min Read
26 0

Key Takeaways

  • OpenAI experienced a security incident stemming from a wider software supply chain attack targeting the Axios JavaScript library.
  • The attack, attributed to North Korean threat actors, compromised Axios npm accounts and injected a cross-platform Remote Access Trojan (RAT) into versions v1.14.1 and v0.30.4.
  • OpenAI’s macOS application certification infrastructure was exposed due to a misconfigured GitHub Actions workflow that pulled the malicious Axios update.
  • No user data, API keys, or systems were compromised, but OpenAI is revoking and rotating all macOS security certificates as a precaution.
  • macOS users of ChatGPT, Codex, and Atlas must update their applications immediately; older versions will become unsupported and potentially non-functional after May 8, 2026.

OpenAI has disclosed a security incident tied to a broader software supply chain attack that impacted the widely used Axios third-party JavaScript library. The incident, first detected on March 31, 2026, exposed elements of OpenAI’s macOS application certification infrastructure, though the company confirmed no user data, API keys, or internal systems were compromised.

Table Of Content

  • Key Takeaways
  • OpenAI’s Incident Response
  • What You Should Do

On March 31, 2026 (UTC), threat actors, believed to be affiliated with North Korea, successfully hijacked an npm account belonging to an Axios library maintainer. This compromise allowed them to push malicious updates, specifically versions v1.14.1 and v0.30.4, into the popular library.

These tampered versions surreptitiously introduced a hidden dependency named plain-crypto-js. This module functioned as a sophisticated cross-platform Remote Access Trojan (RAT), capable of operating across Windows, macOS, and Linux environments. According to cybersecurity firm Palo Alto Networks’ Unit 42, the malware was designed to conduct system reconnaissance, establish persistent access, and then self-destruct to hinder forensic analysis.

Axios is a cornerstone in the JavaScript development ecosystem, boasting over 100 million weekly downloads. This extensive reach amplified the potential impact of the supply chain compromise.

OpenAI’s Incident Response

OpenAI’s internal build pipeline utilized Axios within its GitHub Actions workflow. When this automated workflow pulled the compromised Axios update, the malicious library gained unauthorized access to certification and notarization materials crucial for digitally signing OpenAI’s macOS applications, including ChatGPT Desktop, Codex, and Atlas.

Code-signing certificates are fundamental trust anchors, verifying to Apple’s operating systems and the App Store that an application originates from its legitimate publisher. Exploiting this access, an attacker could theoretically have forged counterfeit OpenAI applications, signed with a seemingly valid certificate, thereby deceiving both end-users and Apple’s security mechanisms into accepting them as authentic. OpenAI attributed the root cause to a misconfiguration within its GitHub Actions workflow, which has since been rectified.

We recently identified a security issue involving the third-party developer library Axios that was part of a broader industry incident. We found no evidence that OpenAI user data was accessed, that our systems were compromised, or that our software was altered.

Out of a…

— OpenAI (@OpenAI) April 11, 2026

In response, OpenAI has initiated aggressive containment measures. The company is revoking and rotating all macOS security certificates to nullify any trust material that may have been compromised during the incident.

Consequently, all macOS users are now mandated to update their OpenAI applications—ChatGPT, Codex, Atlas, and Codex CLI—to their latest versions to incorporate these refreshed certificates. OpenAI has clarified that users do not need to change their passwords, as user credentials and API keys were unaffected by this incident.

A critical deadline has been set: after May 8, 2026, older versions of these macOS applications will no longer receive updates or support and may become completely non-functional. Users can update their applications securely via an in-app prompt or through official download links provided by OpenAI.

The impact of this attack on OpenAI was strictly limited to macOS applications; Android, Linux, and Windows platforms remained unaffected. OpenAI reiterated its findings of no evidence of user data exfiltration, system compromise, or software tampering.

This incident serves as a stark reminder of the escalating threat posed by software supply chain attacks, particularly those targeting developer tools—a vector increasingly favored by sophisticated state-sponsored threat actors. Organizations relying heavily on open-source libraries within automated CI/CD pipelines are urged to implement robust security practices such as dependency pinning, integrity verification, and regular workflow audits to mitigate exposure to similar risks.

What You Should Do

  • Update Immediately: If you use ChatGPT, Codex, Atlas, or Codex CLI on macOS, update your applications to the latest version without delay.
  • Verify Source: Always update applications through official in-app prompts or directly from OpenAI’s trusted download links.
  • No Password Change Needed: This incident did not affect user passwords or API keys, so no password reset is required.
  • Be Aware of Deadline: Older macOS versions of these applications will cease to function or receive support after May 8, 2026.
  • Implement Supply Chain Security: For developers and organizations, enforce dependency pinning, conduct integrity checks, and regularly audit CI/CD workflows to secure your software supply chain.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackExploitMalwareSecurityThreat

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Gmail End-to-End Encryption Now Available on Android and iOS

Next Post

Telegram Founder Pavel Durov Calls WhatsApp’s E2E Claim “Fraud

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Nebula AI Platform Automates Pen Testing to Find Vulnerabilities
July 3, 2026
PureLog Stealer Uses Blogspot and PowerShell to Deliver Malware
July 3, 2026
FBI Warns TeamPCP Hackers Exploit Developer Tools in Supply Chain Attacks
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us