Source-attributed Telegram item

The Hacker News: 🚨 A legitimate-looking npm package for OpenAI Codex has been stealing developer auth...


The Hacker News

@thehackernews

Public Telegram feed from a cybersecurity publication.


🚨 A legitimate-looking npm package for OpenAI Codex has been stealing developer auth tokens for over a month.

codexui-android, marketed as a remote web UI, has seen 29,000+ weekly downloads. Since version 0.1.82 it quietly sends ~/.codex/auth.json — including non-expiring refresh tokens — to an attacker server.

Read: https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html
