{"data":{"id":"65f987e5-7f6a-40a7-811f-1cbfd035e7ee","title":"OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack","summary":"Attackers compromised the popular npm package codexui-android (which provides a remote interface for OpenAI Codex, a code-writing AI tool) and embedded malicious code that secretly steals users' authentication tokens (login credentials) and sends them to an attacker-controlled server. The stolen tokens, especially the refresh_token (which never expires), allow attackers to impersonate users indefinitely and to do everything the victim's Codex account is permitted to do.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html","publishedAt":"2026-06-01T09:31:15.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI Codex","OpenClaw Codex Claude AI Agent"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-01T09:31:15.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}