The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...

FBI Warns Microsoft Users—New Attack Gains Access To Accounts

The FBI issued a warning on May 21, as a new AI-powered attack enables "threat actors to obtain Microsoft 365 access tokens ...
Homeland Security Today

FBI Warns Phishing Kit is Bypassing Microsoft Multi-Factor Authentication Through OAuth Token Hijacking

The Federal Bureau of Investigation (FBI) has issued a Public Service Announcement (PSA) to warn the public about an emerging ...
Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...
Infosecurity Magazine

FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens

A new phishing-as-a-service (PhaaS) platform called Kali365 is being distributed in the wild, primarily via Telegram, the FBI has warned. First detected in April 2026, Kali365 provides cyber threat ...

Malicious npm package targeting OpenAI Codex users steals authentication tokens

The tool gathered over 29,000 downloads before the malicious npm package was identified ...
AFCEA

Army Authentication Tokens Not Just for Tactical Use

The U.S. Army’s wearable authentication tokens intended for the tactical environment could be used for nontactical purposes, such as accessing strategic-level systems, enterprise networks and medical ...
InfoWorld

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...
CSOonline

The SSO tax is killing trust in the security industry

Application providers charge fees to implement single sign-on but don't deliver a full SSO experience. Threat actors are taking advantage of the situation. We hate asking an organization we are ...