OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

📅 1 June 2026 at 09:31 UTC📰 The Hacker NewsView original source ↗

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the repository. What

Read the full article

This is a curated summary. The complete article is available at The Hacker News.

Read on The Hacker News ↗

← Back to feed