OpenAI has publicly disclosed a supply‑chain incident that affected the signing workflow for its macOS applications and, out of caution, is revoking and rotating the certificate used to notarize those apps. The company’s investigation found that a GitHub Actions workflow used in the macOS signing process pulled a compromised release of the widely used npm library Axios (version 1.14.1). Although
Tag: supply chain security
OpenAI Codex Command-Injection Flaw: How GitHub Tokens Were Exposed and What Teams Must Do Now
The rise of AI coding assistants has simplified developer workflows, but a recent discovery shows those conveniences can carry serious risk. Researchers at BeyondTrust found a critical command-injection vulnerability in OpenAI Codex that could be exploited to steal GitHub access tokens. The flaw demonstrates how an overlooked parsing detail — a branch name passed into a container setup script —