InfoWorld

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source ...

A Java library just tried to trick AI coding agents into deleting your tests, and it almost worked

The latest flare-up in the debate over AI-assisted coding did not come from a new model release or a benchmark result. It came from a single ...
The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...