Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

A single npm user on Thursday published 14 malicious packages within a four-hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment-configuration libraries, according to ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...
TechRadar

OpenAI Codex tool with over 29,000 downloads linked to malicious npm supply chain attack stealing authentication tokens

A newly discovered supply-chain attack on npm is targeting software developers using OpenAI Codex. Codex is OpenAI’s coding assistant and software engineering agent that can write and review code, fix ...
The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.