Code-signing - Geek Feed

OpenAI rotates macOS certs after Axios attack hit code-signing workflow

April 15, 2026April 15, 2026 geekfeed0Tagged Apple Notarization, Axios, Certificates, Code-signing, macOS, OpenAI, Supply Chain Attack

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. The company said that on March 31, 2026, the legitimate workflow downloaded and executed a compromised Axios package (version 1.14.1) that was used in attacks to deploy malware on devices. That […]

3 mins read

New MacSync malware dropper evades macOS Gatekeeper checks

December 24, 2025December 24, 2025 geekfeed0Tagged apple, Code-signing, Info Stealer, Information Stealer, macOS, MacSync, malware

The latest variant of the MacSync information stealer targeting macOS systems is delivered through a digitally signed, notarized Swift application. Security researchers at Apple device management platform Jamf say that the distribution method constitutes a significant evolution from past iterations that used less sophisticated “drag-to-Terminal” or ClickFix tactics. “Delivered as a code-signed and notarized Swift application within […]

2 mins read

Microsoft Trust Signing service abused to code-sign malware

April 2, 2025April 2, 2025 geekfeed0Tagged Certificates, Code-signing, malware, microsoft, Microsoft Trusted Signing

Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates as they can be used to sign malware to appear like they are from a legitimate company. Signed malware also has the advantage of potentially bypassing security filters that would normally block unsigned […]

5 mins read