OpenAI Rotates macOS Certificates After Supply Chain Attack

OpenAI rotated potentially exposed macOS code-signing certificates following a supply chain attack involving a malicious Axios package executed via a GitHub Actions workflow. The incident targeted the code-signing process, though the article does not specify when the attack occurred or the exact timeline of certificate rotation. No CVE IDs or technical details about the malicious payload were provided. The attack exploited a dependency in the workflow, but the scope of impacted systems or users remains unclear. The action was taken as a precautionary measure to mitigate potential risks from compromised certificates.