North Korea Hijacked Axios to Hit OpenAI's Mac Code-Signing Keys
Jane Sterling
Cybersecurity Reporter
Sterling Intelligence
YouTube: @sterlingintelligence
X / Twitter: @SterlingIntel
Web: Sterlingintel.ca
npm Exposure Window
0hrs
Malicious Axios versions live on npm before removal
March 31, 2026 · 00:21–03:25 UTC
Both v1.14.1 and v0.30.4 active in that window
Axios v1.x
0M
Weekly npm downloads at time of compromise
npm Registry · March 2026
Most-downloaded HTTP client in the JS ecosystem
OpenAI Apps Exposed
0
ChatGPT Desktop, Codex, Codex CLI, and Atlas — signing cert exposed
GitHub Actions pipeline · March 31, 2026
Update required before May 8, 2026
Chart: Microsoft vs S&P 500, last 3 months, normalized to 100 at period start. Through the Axios supply chain incident on GitHub Actions. Source: Yahoo Finance · May 2026
Axios 0.x Branch
0M
Weekly downloads targeted by malicious v0.30.4
npm Registry · March 2026
Second attack vector alongside the v1.x branch
XZ Utils Precedent
0yrs
Duration of social engineering targeting the lone XZ Utils maintainer
2022–2024 · Near-miss on global Linux infrastructure
Same root cause: single-maintainer trust exploitation
CISA Response Lag
0days
Time from malicious packages removed to CISA advisory published
Packages removed Mar 31 · Advisory issued Apr 20, 2026
Guidance arrived after the window it would have closed
CISA Recommendation
0days
Minimum package release age before production pipeline adoption
CISA Advisory · April 20, 2026
Would have blocked both malicious versions if enforced
Capture order: top to bottom. Click any preview to enter fullscreen with a 3-second countdown — perfect for OBS.
Recording: use OBS Window Capture cropped to the preview frame, or fullscreen + display capture. Hit Replay, then record. Output drops as an overlay track in your editor.
Palette: the palette saved in motion_kit auto-applies here via localStorage.
Editor workflow — what to do after capturing here:
1. Generate the avatar look in HeyGen using this episode's HEYGEN_LOOK prompt + the SCRIPT field as the read. Kick the render and grab a coffee.
2. While HeyGen renders: capture the motion graphics above (top-to-bottom = capture order), grab b-roll, gather logos / photos as transparent PNGs, drop everything into your working folder.
3. When HeyGen finishes: download both the rendered video and the timecoded transcript (.srt or .vtt). Drop the transcript at: /home/jaysoncraig/public_html/sandbox/data/faces/.build/axios-rat-openai/transcript.srt
4. Generate the Resolve marker CSV + printable shot-list:
   python3 /home/jaysoncraig/.claude/scripts/generate-resolve-markers.py --slug axios-rat-openai
   Outputs: /home/jaysoncraig/public_html/sandbox/data/faces/.build/axios-rat-openai/timeline-markers.csv and /home/jaysoncraig/public_html/sandbox/data/faces/.build/axios-rat-openai/shot-list.html
5. Open DaVinci Resolve, set the project framerate (the marker tool emits 30fps by default; pass --framerate 60 if your project is 60), drop the HeyGen video on V1.
6. Timeline header → Import → Marker List from CSV → select timeline-markers.csv. Every cue lands as a colored marker on the correct track: Yellow=TalkingHead, Cyan=VoiceoverScene, Red=Cut, Green=B-roll, Pink=StatCard.
7. Drop motion-graphic captures, b-roll clips, and stat-card overlays onto the marked positions. The shot-list HTML is your printable fallback if any markers look off.
8. Export → render → upload. After publish, drop the YouTube URL into the episode's .repurpose.txt placeholders for the cross-channel pack.