> TritonInfoSec News
Home / Jun 02, 2026 / Story
0
#7 The Hacker News general June 01, 2026 at 09:31 UTC

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

By [email protected] (The Hacker News)

AI Summary

Researchers uncovered 'codexui-android,' a malicious npm package masquerading as a remote web UI for OpenAI Codex that had accumulated over 29,000 weekly downloads, stealing OpenAI Codex authentication tokens from developer machines. The package remains available for download on npm and GitHub at time of reporting. This attack specifically targets AI/ML developers who use Codex, making their API credentials and potentially sensitive code repositories at risk.

Read full article → https://thehackernews.com/2026/06/openai-codex-aut…

Relevance score: 80.0/100

# More from June 02

  1. 1
    Critical Windows Netlogon RCE flaw now exploited in attacks BleepingComputer
  2. 2
    Recent Palo Alto Networks Vulnerability Exploited for Weeks SecurityWeek
  3. 3
    Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm The Hacker News
  4. 4
    Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts Krebs on Security
  5. 5
    Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices The Hacker News
  6. 6
    19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access SecurityWeek
  7. 8
    Inspector general finds NIST mistakes have made vulnerability database ineffective The Record
  8. 9
    Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts The Hacker News
  9. 10
    Microsoft says it will not pursue security researchers after zero-day backlash The Record