The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.
The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...
Forbes

Best Online Data Science Bootcamps

A licensed attorney with nearly a decade of experience in content production, Valerie Catalano knows how to help readers digest complicated information about the law in an approachable way. Her ...
Android

Infostealer Malware Sneaks into Popular Codex UI Tool After One Month of Building Trust

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...
Forbes

Best High-Value Home Insurance Companies (June 2026)

Les Masterson is a deputy editor and insurance analyst at Forbes Advisor. He has been a journalist, reporter, editor and content creator for more than 25 years. He has covered insurance for a decade, ...