The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.
Android

Infostealer Malware Sneaks into Popular Codex UI Tool After One Month of Building Trust

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...
InfoQ

Google Workspace CLI: Unified Command-Line Tool Built for Humans and AI Agents

Google has released a new CLI for Google Workspace, offering a unified interface for various services like Drive, Gmail, and ...
The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...
TechLatest

SERP API vs. Manual Scraping: What Holds Up at Scale

A mid-tier SERP API plan runs roughly $0.50 to $2 per thousand queries, depending on the provider and how much enrichment you ...
InfoWorld

Taming the generative AI back end

Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind ...

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...
CIO

SAP’s new API policy restricts AI access, draws customer criticism

Limiting API usage to “SAP-endorsed architectures, data services, or service-specific pathways,” SAP has encountered pushback from the DSAG user group over the scope and implications of the updated ...
InfoQ

Chrome 144 Ships Temporal API: Advancing JavaScript Date/Time Standardisation

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
The Hacker News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads. "The threat actors have ...
Mashable

Elon Musk's X rolls out pay-per-use API to lure developers back, but there's one big problem

X has announced a new pay-per-use self-serve API model in hopes of luring developers back to the platform. Credit: Gabby Jones/Bloomberg via Getty Images Good news! Elon Musk's X has heard the cries ...