macos

OpenAI Rotated Its macOS Signing Certs After the Axios Attack. No Proof of Key Theft. They Rotated Anyway.

John Z Black Apr 13, 2026

Security Operations & Resilience #supply-chain #openai #code-signing #macos #ci/cd #axios #certificate-revocation

A malicious Axios npm package executed inside OpenAI's GitHub Actions signing workflow. Their investigation found no evidence keys were stolen. They revoked and rotated the certificates anyway. That decision is the interesting part.

Apple Patched the Door. Attackers Used the Window.

John Z Black Apr 10, 2026

Threat Intelligence #atomic-stealer #amos #macos #clickfix #script-editor #malware #pypi #litellm #supply-chain

macOS 26.4 added Terminal security scanning to block ClickFix attacks. Within 48 hours, Atomic Stealer was back, running through Script Editor instead. One click. No warning.

ClickFix Went Cross-Platform This Week. Mac Users, You're Not Safe.

John Z Black Mar 17, 2026

Malware & Threats #clickfix #macsync #remcos #social-engineering #macos #vpn #malware #storm-2561

Three separate campaigns are using ClickFix to trick people into installing malware themselves. macOS, Windows, enterprise VPN users. No exploit needed. Just copy, paste, execute.