The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...

Microsoft 365 Android Apps Had a Token Flaw IT Teams Should Check Now

Microsoft patched a Microsoft 365 Android flaw that exposed account tokens across six apps. Here’s what IT teams should check ...
The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.
CoinDesk

Near Protocol to automate its own growth and its token is skyrocketing

Layer-1 blockchain Near's forthcoming upgrade will allow the network to scale dynamically without human intervention. The market is giving it a thumbs-up, sending the native token's price sharply ...
Business Insider

OpenClaw's creator used $1.3 million worth of AI tokens in a month and people are freaking out

You're currently following this author! Want to unfollow? Unsubscribe via the link in your email. Peter Steinberger is on a token spending spree. On Friday, the creator of OpenClaw posted a screenshot ...
Computerworld

The world of AI tokens — and why they matter

When it comes to AI, tokens are the coin of the realm. Here’s how to understand their importance to both users and AI vendors. Google has only one way to measure the phenomenal AI growth it’s seen: in ...

Malicious npm package targeting OpenAI Codex users steals authentication tokens

The tool gathered over 29,000 downloads before the malicious npm package was identified ...
Yahoo Finance

Circle raises $222M in Arc token presale from BlackRock, a16z

The above button links to Coinbase. Yahoo Finance is not a broker-dealer or investment adviser and does not offer securities or cryptocurrencies for sale or facilitate trading. Coinbase pays us for ...

Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More

This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and ...
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
InfoWorld

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...
Fast Company

Amazon workers are under pressure to up their AI usage—so they’re making up extraneous tasks

According to Amazon employees, the company is pushing them to incorporate more and more AI in their workflows. What exactly they should be using it for is less clear, leaving the door open for ...