Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI.
The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the repository.
What
source https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html
source https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html
