A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks.
First seen on hackread.com
Jump to article: hackread.com/codex-ui-tool-secretly-stole-openai-refresh-tokens/

