Storia in 2 fonti

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access.

Raccontata da

thehackernews.com

infoworld.com

Confronto fonti

2 prospettive sulla stessa storia

AI · summaries

thehackernews.comStai leggendo1 g fa

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access.

originale

infoworld.com1 g fa

Attack targeting OpenAI Codex users exposes AI software supply chain risks

npm package exfiltrated OpenAI Codex tokens (27K downloads); stolen refresh_tokens grant permanent access. Supply chain vulnerability: malware injected in npm artifact, not public source. Enterprises need least-privilege credential controls and visibility for AI developer tools.

Leggi questa versione → originale

Timeline cronologica

lunedì 1 giugno 2026·thehackernews.com
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access.
martedì 2 giugno 2026·infoworld.com
Attack targeting OpenAI Codex users exposes AI software supply chain risks
The incident highlights how attackers can hide malicious code in software packages that differ from the source code available for review.