The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.
The Next Web

Self-replicating Miasma worm hits 73 Microsoft GitHub repositories in supply chain attack

GitHub disabled 73 Microsoft repos after the Miasma worm exploited previously compromised credentials to plant malware targeting AI coding agents.

Dozens of Red Hat packages backdoored through its official NPM channel

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...
Tech Times

Azure HorizonDB Enters Public Preview: Web IQ Already Powers Copilot and ChatGPT

Azure HorizonDB enters public preview at Microsoft Build 2026 alongside Web IQ, a Bing-rebuilt AI grounding API already ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...