OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Monday, June 1, 2026 at 09:31 AM UTC·Source: The Hacker News

Updated: Monday, June 1, 2026 at 12:00 PM UTC

Executive Summary

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the repository. What

Analysis

Source Attribution

Originally published by The Hacker News on Jun 1, 2026.

Related Threats

MEDIUMSupply Chain

Containers on fire: from container escapes to supply chain attacks

We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks.

6h agoSecurelist (Kaspersky)

MEDIUMSupply Chain

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to

3d agoThe Hacker News

CRITICALSupply Chain

Cybersecurity trends in SEC filings

In 2023, the Securities and Exchange Commission (SEC) required public companies to include a new section in their 10-K annual filings that is devoted to cybersecurity. This section is meant to address “cybersecurity risk management, strategy, governance and incidents.” I got curious as to what senior cybersecurity executives are conveying about their companies in these reports. I turned this into

3d agoCSO Online