Storia in 2 fonti

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available for review.

Raccontata da

thehackernews.com

infoworld.com

Confronto fonti

2 prospettive sulla stessa storia

AI · summaries

infoworld.comStai leggendo1 g fa

Attack targeting OpenAI Codex users exposes AI software supply chain risks

npm package exfiltrated OpenAI Codex tokens (27K downloads); stolen refresh_tokens grant permanent access. Supply chain vulnerability: malware injected in npm artifact, not public source. Enterprises need least-privilege credential controls and visibility for AI developer tools.

originale

thehackernews.com1 g fa

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access.

Leggi questa versione →

Timeline cronologica

lunedì 1 giugno 2026·thehackernews.com
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access.
martedì 2 giugno 2026·infoworld.com
Attack targeting OpenAI Codex users exposes AI software supply chain risks
The incident highlights how attackers can hide malicious code in software packages that differ from the source code available for review.