27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens

May 31, 2026/in General News

A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks.

Hackread – Cybersecurity News, Data Breaches, AI and More – Read More