OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Blog

Byadmblake June 1, 2026

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from…

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI.

The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the repository.

What

Blog

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js’ Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It’s assessed that the malware is being propagated through

Read More Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Blog

Infamous Shai-hulud Worm Resurfaces From the Depths

This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said.

Read More Infamous Shai-hulud Worm Resurfaces From the Depths
Blog

5 Impactful AWS Vulnerabilities You’re Responsible For

If you’re using AWS, it’s easy to assume your cloud security is handled – but that’s a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer’s responsibility. Think of AWS security like protecting a building: AWS provides strong walls and a solid roof, but it’s up to the…

Read More 5 Impactful AWS Vulnerabilities You’re Responsible For
Blog

‘InstallFix’ Attacks Spread Fake Claude Code Sites

A fresh cyberattack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces.

Read More ‘InstallFix’ Attacks Spread Fake Claude Code Sites
Blog

Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims’ emails. Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the…

Read More Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
Blog

CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2024-41713 (CVSS score: 9.1) – A path traversal vulnerability in Mitel MiCollab that could allow…

Read More CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation

Related