OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Updated on June 1, 2026

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI.

The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the repository.

What…

Read the rest of the story at Read More

Source: The Hacker News

September 17, 2024 Uncategorized

Meta to Train AI Models Using Public U.K...

September 22, 2025 Uncategorized

How to Gain Control of AI Agents and Non...

May 6, 2026 Uncategorized

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Related posts

Meta to Train AI Models Using Public U.K...

How to Gain Control of AI Agents and Non...

Palo Alto PAN-OS Flaw Under Active Explo...

Leave a Comment Cancel reply

Recent News

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks