OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
The AI giant is taking action after determining that a macOS code signing certificate may have been compromised. The post OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack appeared first on SecurityWeek.
OpenAI revealed on Friday that it’s one of many organizations affected by the recent Axios supply chain attack, which cybersecurity experts have attributed to North Korean hackers.
Axios is a widely used open source JavaScript HTTP client library for making requests in web and Node.js applications. It has over 100 million weekly downloads and is a dependency in countless developer projects and production systems.
In late March, attackers compromised the NPM account of a lead Axios maintainer and published two malicious NPM packages designed to download and execute a cross-platform RAT capable of running on Windows, macOS, and Linux.
Source: https://www.securityweek.com/openai-impacted-by-north-korea-linked-axios-supply-chain-hack/
Related breach coverage
- North Korean Hackers Target High-Profile Node.js Maintainers2026-04-06
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek.
- Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea2026-03-12
The 2024 incident was initially linked to China, but an infostealer infection has now revealed North Korean involvement. The post Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea appeared first on SecurityWeek.
- Axios NPM Package Breached in North Korean Supply Chain Attack2026-04-01
A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek.
- Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack2025-11-05
The Japanese media giant says compromised Slack credentials were used to steal employee and business partner information. The post Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack appeared first on SecurityWeek.