Developer toolchain under attack
Recent supply-chain incidents have pierced developer-facing paths, from app-signing to utility downloads to IDE extensions. OpenAI rotated macOS app certificates after an Axios-related supply-chain hit, security researchers warned about a campaign targeting VS Code extensions, and CPUID’s site briefly served installers laced with the STX RAT that stole browser passwords. The common pattern is that trusted developer endpoints and local utilities are now active attack surfaces. (scworld.com, layerlogix.com, techgines.com)
A software supply-chain attack no longer has to hit a data center to do damage; it can start in the tools developers trust on their own machines. On March 31, 2026, OpenAI said a GitHub Actions workflow in its macOS app-signing process downloaded a malicious Axios package, version 1.14.1, with access to signing and notarization material for ChatGPT Desktop, Codex App, Codex Command Line Interface, and Atlas. OpenAI said it found no evidence that user data, internal systems, intellectual property, or published software were compromised. OpenAI still revoked and rotated the certificate, published new builds, and said older macOS desktop app versions will stop receiving updates or support on May 8, 2026. The earliest replacement builds include ChatGPT Desktop 1.2026.051 and Codex Command Line Interface 0.119.0.
A code-signing certificate is the digital seal that tells macOS an app really came from a named developer. If attackers can touch the system that handles that seal, they do not need to break the app itself to create a dangerous trust problem.
That same trust problem showed up in developer extensions before this week’s certificate rotation. Wiz said in October 2025 that it found more than 550 valid secrets across more than 500 Visual Studio Code extensions, including over 100 tokens that could let an attacker push malicious updates to existing extensions. Wiz said those leaked update tokens covered roughly 150,000 installs across Visual Studio Code Marketplace and Open VSX, the registry used by forks such as Cursor and Windsurf. By default, Visual Studio Code auto-updates extensions, which turns a stolen publisher token into a direct delivery channel.
Researchers had already seen that route used in the wild. SecurityWeek reported that the GlassWorm campaign hit Open VSX in October 2025, stealing GitHub, Git, and Node Package Manager credentials and spreading through compromised extensions and packages. GlassWorm hid code with invisible Unicode characters and used the Solana blockchain plus Google Calendar as command-and-control infrastructure, according to Koi Security’s findings cited by SecurityWeek. The campaign began on October 17, 2025, with seven compromised extensions on Open VSX, and at least one related extension later appeared in Microsoft’s marketplace.
The local utility path is now part of the same pattern. SecurityWeek and BleepingComputer reported that attackers breached CPUID’s site in April 2026 and swapped official download links for CPU-Z and HWMonitor with trojanized installers carrying the STX remote access trojan. BleepingComputer said the attackers changed links through a compromised CPUID application programming interface, while later reporting cited by Ghacks said CPUID restored clean downloads and said the original signed binaries were not altered. The attack window was measured in hours, not weeks, but anyone who downloaded during that period could have received malware from the official site.
Across all three cases, the weak point was not a phishing email or a fake mirror. It was a trusted developer path: a build workflow, an extension marketplace, or the official download button.
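GlassWorm's use of invisible Unicode characters to hide code is something a reviewer can check for in extension or package source. The Python sketch below is an added example, not code from Koi Security, SecurityWeek or any project named above; the article does not say which code points were used, so the character classes, the `min_run` threshold and the sample source are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: the article does not name the code points GlassWorm used, so
# "invisible" here means variation selectors, tag characters, format controls
# (zero-width space/joiner, bidi marks, BOM) and private-use code points.
INVISIBLE_RANGES = (
    (0xFE00, 0xFE0F),    # variation selectors
    (0xE0100, 0xE01EF),  # variation selectors supplement
    (0xE0000, 0xE007F),  # tag characters
)

def is_invisible(ch):
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES):
        return True
    return unicodedata.category(ch) in ("Cf", "Co")

def find_invisible_runs(text, min_run=4):
    """Return (line, column, length, first code point) for every run of
    invisible characters at least min_run long. One stray selector after an
    emoji is normal; a long run inside source code is not."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), 1):
        start = None
        for col, ch in enumerate(line + "\n"):  # sentinel closes a trailing run
            if is_invisible(ch):
                if start is None:
                    start = col
            elif start is not None:
                if col - start >= min_run:
                    findings.append((lineno, start + 1, col - start,
                                     f"U+{ord(line[start]):04X}"))
                start = None
    return findings

# Constructed sample: line 1 has a legitimate emoji + U+FE0F, line 2 hides a
# run of eight variation selectors inside what renders as an empty string.
SAMPLE = (
    'const label = "ok \u2764\ufe0f";\n'
    'const s = "' + "".join(chr(0xE0100 + i) for i in range(8)) + '";\n'
    "module.exports = { label, s };\n"
)

if __name__ == "__main__":
    for line, col, length, first in find_invisible_runs(SAMPLE):
        print(f"line {line}, col {col}: {length} invisible chars from {first}")
```

Lowering `min_run` to 1 also reports the emoji selector on line 1, which shows why a run-length threshold is needed to keep the check usable on real source trees.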