20:17
2026-05-27
aikido.dev
ai-tools
Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens
A malicious npm package named 'codexui-android' posing as a legitimate remote web UI for OpenAI Codex has been stealing authentication tokens from developers for the past month. The package, which achβ¦