
OpenAI Rotates macOS App Certificates After Axios Supply-Chain Attack, Says No User Data Was Breached


OpenAI announced on Friday that it had identified a security issue related to a compromised third-party developer tool, prompting the company to rotate its macOS application signing certificates and require users to update their desktop apps to the latest versions.

The company said there is no evidence that user data was accessed, internal systems or intellectual property were compromised, or any OpenAI software was altered, framing the incident as a contained software supply-chain scare rather than a customer data breach.

The issue stems from Axios, a widely used open-source developer library that was compromised on March 31 as part of a broader supply-chain attack that cybersecurity researchers and media reports have linked to actors believed to be associated with North Korea.

According to OpenAI, one of its GitHub Actions workflows used in the macOS app-signing pipeline downloaded and executed the malicious Axios version, specifically version 1.14.1.

That workflow had access to highly sensitive materials used for Apple code signing and notarization, including the certificate that verifies OpenAI’s macOS applications as authentic software.
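A check a build team could run against its own lockfiles for the Axios version named above, as an added example that is not OpenAI's or the Axios project's code. The sample lockfiles, the package names `some-sdk`, `http-client` and `demo-app`, and version 1.13.0 are constructed for illustration.

```javascript
// Flag lockfile entries that resolve to a known-bad release.
// 1.14.1 is the only malicious Axios version this article names; extend the
// map from the advisory you are tracking.
const BLOCKLIST = new Map([['axios', new Set(['1.14.1'])]]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b" (lockfileVersion 2/3 keys)
function nameFromKey(key) {
  const marker = 'node_modules/';
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

function findFlagged(lock, blocklist = BLOCKLIST) {
  const hits = [];
  const check = (name, version, where) => {
    const bad = blocklist.get(name);
    if (bad && bad.has(version)) hits.push({ name, version, where });
  };

  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the project itself.
    for (const [key, meta] of Object.entries(lock.packages)) {
      if (key === '') continue;
      // Aliased installs carry the real package name in "name".
      check(meta.name || nameFromKey(key), meta.version, key);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, so transitive copies
    // of a package are only found by walking every level.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = [...trail, name];
        // Aliases appear as "npm:<real-name>@<version>" in the version field.
        const alias = /^npm:(.+)@([^@]+)$/.exec(meta.version || '');
        check(alias ? alias[1] : name, alias ? alias[2] : meta.version, path.join(' > '));
        walk(meta.dependencies, path);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample: the top-level axios is clean, but a transitive copy and
// an aliased install both resolve to the flagged version.
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '0.0.1' },
    'node_modules/axios': { version: '1.13.0' },
    'node_modules/some-sdk': { version: '2.0.0' },
    'node_modules/some-sdk/node_modules/axios': { version: '1.14.1' },
    'node_modules/http-client': { name: 'axios', version: '1.14.1' },
  },
};

// Constructed sample in the older nested format.
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    'some-sdk': { version: '2.0.0', dependencies: { axios: { version: '1.14.1' } } },
    axios: { version: '1.13.0' },
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const h of findFlagged(SAMPLE_V3)) {
    console.log(`${h.name}@${h.version} at ${h.where}`);
  }
}
```

On a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findFlagged` and fail the CI job when the returned list is non-empty.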

The affected products include ChatGPT Desktop, Codex, Codex CLI and Atlas. This is the most significant aspect of the incident.

The immediate risk was not theft of user chats, passwords, or API credentials. Rather, the greater concern was that if the signing certificate had been successfully exfiltrated, attackers could potentially use it to distribute fake macOS applications that appear to be legitimate OpenAI software.

Such apps could pass Apple’s trust checks and appear authentic to users, making them far more dangerous than ordinary phishing downloads. That is why OpenAI has moved quickly to revoke and rotate the certificate, even though its forensic review concluded the malicious payload likely did not successfully steal the signing credentials.

The company said this conclusion was based on the timing of the malicious code execution, sequencing of the CI job, and the way the certificate was injected into the workflow environment. Still, OpenAI is treating the certificate as potentially exposed “out of an abundance of caution,” a standard incident-response practice in software security.

Effective May 8, older versions of OpenAI’s macOS desktop applications will no longer receive updates or support and may stop functioning, the company said.

That move is designed to ensure users migrate to builds signed with the newly rotated certificate.

For users, the practical instruction is to update the macOS ChatGPT app immediately through the in-app updater or the official OpenAI download page. OpenAI also said that passwords and API keys were not affected, and that the root cause has been traced to a misconfiguration in the GitHub Actions workflow, which has since been fixed.

The broader impact of this incident goes well beyond OpenAI. It has been noted as a textbook example of a software supply-chain attack, where hackers compromise a trusted third-party dependency rather than attacking the target company directly. Because Axios is one of the most widely used JavaScript HTTP libraries in the world, with tens of millions of downloads weekly, the breach had industry-wide implications.

Security researchers said the malicious versions were live only briefly before being removed, but even a short exposure window can be enough to compromise automated build pipelines across major organizations. What makes this especially notable is that the attack appears to have targeted developer infrastructure rather than end users directly.

That mirrors a growing trend in cyber operations: attackers increasingly seek access to CI/CD pipelines, code-signing systems, and package registries, where a single compromise can cascade across multiple products and companies. The incident also highlights the rising cyber risks facing AI firms as they expand beyond models and APIs into full software ecosystems.

While much public attention around AI safety focuses on misuse of models, this incident is a reminder that traditional software security risks, including dependency poisoning and certificate compromise, remain just as critical.

In market and trust terms, OpenAI’s quick disclosure and certificate rotation are likely intended to reassure enterprise users and developers that the company’s response process is mature. So far, the evidence suggests this was a preventive containment exercise rather than a breach of customer systems.

Global Markets Flashing Green Across Both Crypto and Equities


The market’s flashing some green across both crypto and equities right now, with a classic short squeeze providing fuel in digital assets and a mix of institutional signals plus bullish calls supporting stocks.

A wave of liquidations hit crypto derivatives recently, with over $248 million in positions wiped out in a short window, heavily skewed toward shorts at ~$183M vs. longs. This kind of forced covering, where shorts buy back to close losing bets, often amplifies upward moves and contributed to the total crypto market cap climbing to around $2.41–2.55 trillion (it’s hovered in that zone recently, with Bitcoin pushing toward or past $71–73k levels in the mix).

Adding to the momentum: Morgan Stanley launched its spot Bitcoin ETF (MSBT) and it had a standout debut—pulling in roughly $33–34 million in first-day inflows and trading over 1.6 million shares. Analysts called it one of the strongest ETF launches in recent memory, helped by its ultra-low 0.14% fee, the cheapest among spot Bitcoin ETFs.

This marks the first major U.S. bank-backed Bitcoin ETF, potentially opening doors for more traditional wealth channels. Crypto’s showing resilience with short squeezes and fresh institutional product inflows, though it’s still a volatile space—liquidations can swing both ways. The S&P 500 has recovered nicely, up roughly 8% or more from its March 2026 lows. That’s a solid bounce amid broader risk-on sentiment.

Insider buying has picked up in spots, with some reports noting elevated activity in early 2026 or specific names, though broader data around February showed more selling than buying overall amid volatility. Still, pockets of confidence from executives or large holders can be a constructive signal when markets are digesting macro crosscurrents like geopolitics or inflation reads.

On the product side, Morgan Stanley’s MSBT debut ties into the broader theme of TradFi leaning into crypto exposure. And Tom Lee’s Fundstrat remains bullish: he’s sticking to a year-end S&P 500 target around 7,300, arguing the bottom is in and the index can grind higher despite potential inflation shocks or choppiness.

From current levels ~6,800s, that implies another ~7%+ upside if it plays out. He’s highlighted earnings resilience, sector rotations into tech, software, energy, finance, and stabilizing sentiment indicators.

Risk assets are catching a bid—crypto via squeeze mechanics and a landmark ETF launch, equities via recovery from March weakness and forward-looking optimism from voices like Lee. That said, these moves can be sharp and sentiment-driven; short squeezes fade without sustained demand, and equities face ongoing macro hurdles like rates, geopolitics, and inflation.

$248M in liquidations, mostly shorts at ~$183M, provided a quick upward jolt, helping push the total crypto market cap to $2.41T. This forced covering amplified buying pressure and contributed to Bitcoin trading around $72,000–73,000 recently. The Morgan Stanley MSBT ETF had a strong launch, with ~$30–34M in first-day inflows and volume, one of the top ETF debuts historically.

Its lowest fee (0.14%) among spot Bitcoin ETFs signals growing TradFi confidence and potential for more institutional flows into crypto. The launch boosted sentiment and liquidity in a volatile environment, but moves like this can reverse without sustained demand. The S&P 500 is up ~8% from its March 2026 lows, reflecting a broader risk-on rebound amid some easing of macro and geopolitical pressures.

Tom Lee maintains a 7,300 year-end target for the S&P 500, implying further upside from the current ~6,800–7,000 zone. He cites a bottom in place, earnings resilience, and sector strength despite potential inflation risks. Short-term bullish momentum runs across risk assets, driven by squeeze mechanics, institutional product inflows, and analyst optimism. However, both markets remain sensitive to macro data, geopolitics, and leverage unwind risks. Momentum can fade fast; position sizing and risk management matter.

Japan Doubles Down on Chip Sovereignty With Fresh $4 Billion Lifeline for Rapidus


Tokyo’s latest multibillion-dollar funding injection into Rapidus underpins the scale of Japan’s strategic bet on rebuilding a domestic advanced semiconductor industry, as the country races to secure supply chains, regain technological leadership, and reduce dependence on overseas foundries.

Japan has sharply escalated its semiconductor ambitions, approving an additional ¥631.5 billion, or about $3.96 billion, in support for state-backed chipmaker Rapidus as it pushes to build one of the world’s most advanced domestic foundry operations.

The fresh funding, announced by the industry ministry on Saturday, lifts total research and development support for Rapidus to ¥2.354 trillion, reinforcing what is increasingly being treated not merely as an industrial policy initiative but as a national strategic project.

At its core, this is Japan’s attempt to re-enter the front ranks of global semiconductor manufacturing after decades of decline.

Rapidus is developing next-generation 2-nanometre logic semiconductors and is targeting mass production in fiscal 2027, an aggressive timeline that would place it in direct competition with the most advanced global foundries, notably Taiwan Semiconductor Manufacturing Company, Samsung Electronics, and Intel.

The scale of government backing makes clear that Tokyo sees chips as a national security issue as much as an economic one. Semiconductors now sit at the heart of everything from artificial intelligence and cloud infrastructure to defense systems, automotive manufacturing, and consumer electronics. Supply-chain disruptions during the pandemic, followed by rising U.S.-China technology tensions, exposed how vulnerable Japan and other industrial economies had become to overseas fabrication bottlenecks.

This latest allocation is therefore part of a broader push to restore strategic resilience. Officials said the support is aimed at accelerating domestic production of advanced semiconductors and strengthening supply chains, a goal that has become central to industrial policy across the United States, Europe, South Korea, and Japan.

Rapidus thus represents Japan’s most ambitious effort in decades to reclaim relevance in leading-edge chip fabrication. Once a dominant force in semiconductors during the 1980s and early 1990s, Japan saw its position eroded by the rise of Taiwan, South Korea, and later China. Today, Tokyo is attempting to reverse that decline by combining public capital, private-sector partnerships, and international technology collaboration.

That strategy is visible in the wider package announced alongside the Rapidus funding. The ministry said NEDO, the New Energy and Industrial Technology Development Organization, will also support semiconductor design-related projects involving Fujitsu and IBM Japan.

This is especially important because advanced chip competitiveness is no longer determined by fabrication alone. Success increasingly depends on a full-stack ecosystem that includes chip architecture, design software, advanced packaging, and manufacturing yield optimization.

The involvement of IBM is particularly noteworthy given its longstanding collaboration with Rapidus on 2nm process technology, which provides a technical bridge between Japanese manufacturing ambitions and U.S. research capabilities.

The funding also highlights the sheer cost of competing at the frontier of semiconductor manufacturing. Developing a 2nm process requires enormous capital expenditure in clean rooms, extreme ultraviolet lithography, advanced materials, and process engineering talent. Even established global leaders spend tens of billions of dollars annually to stay at the leading edge.

The situation thus makes state support for Rapidus foundational. In February, the company had already secured around ¥160 billion from private investors, alongside a planned ¥250 billion in earlier government support. The latest injection dramatically expands that financial base and signals official confidence that the 2027 production target remains credible.

There is also a geopolitical layer that investors are paying keen attention to. As the global semiconductor race increasingly mirrors geopolitical alliances, Japan is positioning itself as a trusted alternative manufacturing hub within the U.S.-aligned technology bloc. That could make Rapidus strategically attractive to Western technology firms seeking supply diversification away from the Taiwan concentration risk.

But funding alone does not guarantee success, making execution the key question for markets. The challenge now shifts from capital formation to technological delivery: prototype validation, yield improvement, customer acquisition, and scaling to commercial volumes.

The 2027 target is ambitious by any standard, especially in a market where execution missteps can quickly erode confidence. However, Tokyo has sent a strong message with its financial backing. This is not a short-term subsidy. It is a long-horizon industrial wager aimed at restoring Japan’s place in the semiconductor hierarchy and ensuring it remains a central player in the AI and advanced computing era.

Digital Payments and Fintech Growth in South Asia: What Nepal Tells Us About the Region’s Next Frontier


When analysts talk about South Asian fintech, the conversation usually orbits around India’s UPI miracle or Bangladesh’s bKash dominance. Nepal rarely makes the headline. Yet the small Himalayan economy of roughly 30 million people is quietly running one of the most interesting digital payments experiments in the region, and the lessons coming out of Kathmandu deserve a closer look from anyone tracking emerging-market fintech.

The South Asian Payments Boom in Context

South Asia is now the fastest-growing digital payments region in the world. India processes more real-time transactions than the United States, China, and the entire eurozone combined. Bangladesh has pushed mobile financial services to more than 200 million registered accounts. Pakistan’s Raast system, modeled loosely on UPI, is onboarding banks at a pace few predicted three years ago.

The common thread across these markets is straightforward: a young, mobile-first population, a regulatory environment willing to experiment, and a cash economy that fintech can leapfrog rather than slowly displace. Nepal sits squarely inside that pattern, and its trajectory matters because it shows how the playbook works in a smaller, less-resourced market.

Nepal’s Quiet Fintech Build-Out

A decade ago, Nepal was an almost entirely cash-based economy. Bank penetration hovered around 40 percent, remittances from workers abroad arrived through informal channels, and digital commerce barely existed outside of a handful of urban neighborhoods.

Today the picture looks dramatically different. Domestic wallets like eSewa, Khalti, and IME Pay have collectively onboarded millions of users. The Nepal Rastra Bank rolled out a national payment switch that connects banks, wallets, and merchants under one interoperable rail. QR code payments have become routine in Kathmandu and Pokhara, with even small tea shops accepting digital payments. Remittance flows, which account for roughly a quarter of Nepal’s GDP, are increasingly routed through digital channels rather than cash pickups.

The transformation has been driven by three forces working in parallel. First, smartphone penetration crossed the threshold where digital services became viable for the mass market. Second, the central bank took an unusually open stance toward licensing payment service providers. Third, the country’s heavy dependence on remittances created an immediate, obvious use case for digital rails.

Where the Demand Is Actually Coming From

Here is where Nepal gets interesting for regional analysts. The growth in digital wallet usage is not being driven primarily by domestic e-commerce, which remains modest by Indian or Bangladeshi standards. It is being driven by cross-border digital consumption.

Nepali users are paying for streaming subscriptions, cloud gaming, software licenses, freelance marketplaces, and a long tail of offshore digital services that simply did not exist as paid categories five years ago. Affiliate platforms catering to Nepali audiences, including entertainment review sites like OCN, have grown alongside this shift because they sit at the intersection of consumer demand and the practical question of how to actually pay for international services from a country whose currency is not freely convertible.

This is the part of the story that gets missed when people frame fintech adoption purely in terms of domestic merchant payments. The real engine, in markets like Nepal, is the desire to participate in the global digital economy, and the friction that creates when local payment infrastructure has to bridge to international processors.

The Regulatory Tightrope

Nepal’s central bank has earned cautious praise for enabling the wallet ecosystem, but the regulatory environment is far from settled. Foreign exchange controls remain strict. Card issuance for international transactions is limited and often requires documentation that excludes large parts of the population. Cryptocurrency is officially banned, though enforcement is uneven and peer-to-peer activity continues.

The result is a market where demand for cross-border digital services consistently outpaces the legal infrastructure designed to serve it. Users find workarounds. Operators adapt. And the gap between what consumers want and what the formal system allows is, in many ways, the defining feature of Nepal’s fintech moment.

This tension is not unique to Nepal. Pakistan, Sri Lanka, and Bangladesh all wrestle with versions of the same problem. But Nepal’s smaller market size means the workarounds become visible faster, and the policy implications surface sooner.

What the Region Can Learn

Three takeaways stand out for fintech operators and policymakers watching South Asia.

The first is that interoperability matters more than any single product. Nepal’s progress accelerated noticeably once the national payment switch went live and wallets could talk to banks without bilateral integrations. Markets that delay this step pay for it in fragmented user experiences.

The second is that remittance corridors are the most underrated growth lever in emerging-market fintech. Building digital rails for inbound remittances creates an installed user base that can then be cross-sold into payments, savings, and credit. Nepal’s wallet operators understood this earlier than most.

The third, and probably the most uncomfortable, is that demand for cross-border digital consumption will keep outrunning regulation. The question for central banks is whether to build sanctioned channels that capture this activity inside the formal system, or to leave it to informal workarounds that are harder to monitor and tax.

The Bigger Picture

Nepal will not be the largest fintech market in South Asia. It does not need to be. What makes it worth watching is that it compresses the region’s broader dynamics into a market small enough to read clearly. The same forces shaping Mumbai and Dhaka are visible in Kathmandu, often in starker form.

For anyone trying to understand where South Asian digital payments are heading over the next five years, the smaller markets are where the experiments run fastest and the lessons land hardest. Nepal is doing more of that work than its size would suggest.

The Final Third Estimate for US Q4 2025 Real GDP Growth Came in at 0.5%


The final (third) estimate for US Q4 2025 real GDP growth came in at 0.5% annualized, a sharp slowdown from 4.4% in Q3 2025 and well below earlier expectations. Advance estimate (February 2026): 1.4%, already below consensus forecasts of around 2.5–3.0%.

Second estimate (March 2026): Revised down to 0.7%. Third/final estimate (April 9, 2026): Further revised to 0.5%, primarily due to downward adjustments in investment, including inventories and intellectual property, and other components. For the full year 2025, real GDP grew 2.1%, down from 2.8% in 2024. Consumer spending was still the main driver, though it decelerated to around 1.9–2.4% depending on the estimate.

Private investment, particularly in equipment and intellectual property products, was supported by AI-related activity. These were more than offset by a sharp contraction in government spending (subtracting roughly 1.0 percentage point, largely due to a prolonged federal government shutdown in October–November 2025), declines in exports, and weaker residential investment and structures.

Private-sector activity showed more resilience than the headline number suggests, but the shutdown acted as a significant one-off drag. On the inflation side, PCE, the Fed’s preferred measure, largely came in as expected or showed persistent pressures rather than cooling dramatically. Headline PCE in Q4 was around 2.9% year-over-year. Core PCE, excluding food and energy, remained sticky, with monthly gains of 0.4% in some recent readings and annual rates holding near 3.0% in December 2025 data.

February 2026 updates also showed continued month-over-month firmness, with no clear acceleration but little disinflation relief either. This growth slowdown + sticky inflation mix has echoes of stagflationary concerns, though the shutdown was a temporary policy shock rather than a broad demand collapse. Broader factors cited in analyses include policy uncertainty, tariffs, immigration changes, and external shocks.

Markets had already priced in some weakness after earlier revisions, but the final 0.5% print reinforces a loss of momentum heading into 2026. The Fed will likely watch upcoming data closely—private demand held up better than feared, but persistent core PCE above 2% limits room for aggressive easing. This confirms Q4 was a clear soft patch, heavily influenced by the government shutdown, but the underlying economy wasn’t in freefall.

Full-year 2025 growth of ~2.1% was still positive, though notably softer than 2024. Early 2026 data will be key to see if momentum rebounds once the shutdown effects fade. The 2025 U.S. federal government shutdown was the longest in history at 43 days. It occurred because Congress failed to pass appropriations legislation or a continuing resolution to fund the government for fiscal year 2026.

Under the Antideficiency Act, federal agencies cannot spend money without congressional appropriations. When funding lapses, non-essential operations halt, and many employees are furloughed (roughly 750,000–900,000 in this case). This shutdown was a full shutdown affecting all agencies without prior appropriations. Republicans controlled the White House, House, and Senate.

Republicans needed Democratic support to pass a clean or Republican-favored CR, giving the minority party leverage. The main sticking point was the expanded Affordable Care Act premium tax credits, enhanced subsidies helping millions afford marketplace health insurance. These were set to expire at the end of 2025. Democrats blocked Republican-led CRs, which failed up to 14 times in the Senate, and demanded inclusion of an extension for these subsidies, plus reversal of certain Medicaid cuts or other healthcare protections from prior legislation.

They viewed the funding bill as a must-pass vehicle to protect healthcare access for millions and prevent premium spikes. Some also pushed to limit executive authority over withholding appropriated funds. Republicans advanced clean or limited CRs to extend funding at current or reduced levels without the healthcare add-ons, arguing such policy changes should be handled separately.

They accused Democrats of holding government funding hostage for partisan priorities and a large spending increase. The House passed versions of these bills, but they stalled in the Senate. Broader context included disagreements over overall spending levels, potential cuts to various programs, and implementation of the new administration’s priorities. Earlier budget resolutions from both parties failed in the Senate.

After weeks of impasse, mounting economic pressure, and disruptions, a compromise emerged: the Senate passed, and the House followed with, a revised bill funding parts of the government through January 30, 2026, with full-year appropriations for agriculture, military construction and veterans affairs, and the legislative branch.

It included reversal of any Reduction in Force during the shutdown and retroactive pay for furloughed workers. In exchange, Democrats received a commitment for a future vote on ACA subsidies (though not guaranteed passage). Unlike some past shutdowns, this occurred under unified Republican control. The leverage came from Senate rules requiring supermajority support for appropriations.

It highlighted ongoing dysfunction in the annual budgeting process—Congress has rarely passed all 12 appropriations bills on time. The shutdown contributed to the weak Q4 2025 GDP print via reduced government spending, though private-sector resilience limited broader damage. A shorter partial lapse occurred briefly in early 2026 over remaining bills. Government shutdowns are ultimately a symptom of deep partisan divides over fiscal priorities, with both sides using must-pass legislation as bargaining chips.