OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

CentryNex

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI.

The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the repository.

What

SOURCE:

Share the Post:

Related News

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some “patched-ish”

The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

Three years ago, the practical question for an MSP building a cybersecurity practice was which “vCISO platform” to buy. The

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

CentryNex

Related News

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

Company

Services

Contact Us