cybercrime.clubhttps://cybercrime.club/tags/android/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usMon, 01 Jun 2026 11:09:49 -0400codexui-android: npm Package Silently Exfiltrated OpenAI Codex Auth Tokens for a Monthhttps://cybercrime.club/posts/codexui-android-npm-supply-chain-openai-codex-token-theft/Mon, 01 Jun 2026 11:09:49 -0400https://cybercrime.club/posts/codexui-android-npm-supply-chain-openai-codex-token-theft/A 29K-weekly-download npm package advertised as a remote web UI for OpenAI Codex has been quietly exfiltrating ~/.codex/auth.json — including non-expiring refresh tokens — to a fake Sentry endpoint since v0.1.82.supply-chain