OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI disclosed that a GitHub Actions workflow used to sign its macOS apps downloaded a malicious Axios package (version 1.14.1) tied to a supply-chain compromise, but said no user data or internal systems were accessed. The company is revoking and rotating the signing certificate and blocking older macOS app versions after May 8, 2026. The incident is linked to GTIG's attribution of the npm compromise to UNC1069 and to the WAVESHAPER.V2 backdoor.

Key points

  • A GitHub Actions workflow used in OpenAI’s macOS app-signing process downloaded Axios 1.14.1, which contained a malicious dependency that deployed the WAVESHAPER.V2 backdoor.
  • OpenAI found no evidence of user data or systems being exfiltrated but is treating the signing certificate as compromised and is revoking and rotating it.
  • Google Threat Intelligence Group attributed the Axios npm compromise to the North Korean-linked group UNC1069.
  • Separately, TeamPCP (aka UNC6780) exploited Trivy to steal credentials and push malware (SANDCLOCK, CanisterWorm) into multiple ecosystems, affecting packages like LiteLLM and Telnyx.
  • Industry and government responses include CISA adding CVE-2026-33634 to its KEV list and recommendations such as pinning packages, short-lived credentials, internal mirrors, sandboxed CI runners, and enforcing 2FA.
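
As an added example (not from OpenAI or the article), the following JavaScript audits a parsed package-lock.json for the Axios release named above and lists package.json dependencies that are not pinned to an exact version. The function names, the sample manifest and the sample lockfile are constructed for illustration.

```javascript
// Added example: function names and sample data are constructed for illustration.
// Known-bad releases to look for; axios 1.14.1 is the version named in the article.
const BAD = new Map([["axios", new Set(["1.14.1"])]]);

// Return every install of a known-bad version found in a parsed package-lock.json.
// Handles lockfileVersion 2/3 ("packages" keyed by install path) and
// lockfileVersion 1 (nested "dependencies" tree).
function findBadPackages(lock, bad = BAD) {
  const hits = [];
  const check = (name, version, path) => {
    if (bad.get(name)?.has(version)) hits.push({ name, version, path });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf("node_modules/");
      if (i === -1) continue; // root project or workspace folder
      check(path.slice(i + "node_modules/".length), meta.version, path);
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      check(name, meta.version, path);
      walk(meta.dependencies, `${path}/`); // transitive installs nest here in v1
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Flag manifest entries that are not an exact x.y.z pin (ranges, tags, URLs).
const EXACT = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?$/;
function findUnpinned(pkg) {
  const loose = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT.test(spec)) loose.push({ field, name, spec });
    }
  }
  return loose;
}

// Constructed sample: a caret range such as "^1.13.0" permits resolution to 1.14.1.
const SAMPLE_PKG = { dependencies: { axios: "^1.13.0", "@scope/util": "2.0.0" } };
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "node_modules/axios": { version: "1.14.1" },
  "node_modules/@scope/util": { version: "2.0.0" },
  "node_modules/left/node_modules/axios": { version: "1.13.0" },
} };
console.log(findBadPackages(SAMPLE_LOCK), findUnpinned(SAMPLE_PKG));
```

For a real project, pass the `JSON.parse` output of the lockfile and the manifest to the two functions and fail the CI job when either returns a non-empty list.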

Read More: https://thehackernews.com/2026/04/openai-revokes-macos-app-certificate.html