OpenAI Rotated Its macOS Signing Certs After the Axios Attack. No Proof of Key Theft. They Rotated Anyway.

A malicious Axios npm package executed inside OpenAI's GitHub Actions signing workflow. OpenAI's investigation found no evidence that the signing keys were stolen. They revoked and rotated the certificates anyway. That decision is the interesting part.

CanisterWorm: How TeamPCP Hijacked Your Security Scanners and Built an Untakeable Botnet

TeamPCP compromised the Trivy and KICS CI/CD scanner tags, spread CanisterWorm to 47 npm packages, and deployed a Kubernetes wiper targeting systems in Iranian timezones, all controlled via blockchain-based C2 that can't be taken down.

Trivy Incident Reality Check: Your Security Tool Can Become Your Attack Path

The Trivy incident is a blunt reminder that CI security tools need the same zero-trust controls as production systems.
