HomeAI · summaries
Storia in 3 fonti
Popular Codex npm package stole developer tokens for a month
The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.
Confronto fonti
3 prospettive sulla stessa storiaTimeline cronologica
- ·
thehackernews.com
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access.
- ·
infoworld.com
Attack targeting OpenAI Codex users exposes AI software supply chain risks
The incident highlights how attackers can hide malicious code in software packages that differ from the source code available for review.
- ·
thenextweb.com
Popular Codex npm package stole developer tokens for a month
The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.