Bleeping Computer

OpenAI rotates macOS certs after Axios attack hit code-signing workflow

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. The company said that on ...
Bleeping Computer

Microsoft Trusted Signing service abused to code-sign malware

Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates ...
Computer Weekly

GitHub warns Desktop, Atom users after code-signing certificates pinched

GitHub has issued an urgent warning to users of its Desktop for Mac and Atom text editor applications after an unauthorised actor broke into its systems and stole two encrypted DigiCert code-signing ...
Ars Technica

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...

OpenAI to Apple macOS users: Update ChatGPT, Codex and its other apps before May 8 or lose access

OpenAI is mandating macOS users update ChatGPT Desktop and other apps by May 8, 2026, due to a compromised JavaScript library ...