A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks.

Deeba Ahmed

Source: HackRead
Source Link: https://hackread.com/codex-ui-tool-secretly-stole-openai-refresh-tokens/