The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.
GitHub

Vibe-Trading: Your Personal Trading Agent

2026-05-29 🔐 Robinhood Agentic Trading support (opt-in, bounded autonomy): Adds support for Robinhood Agentic Trading (remote MCP, OAuth). Off and read-only by default; the agent acts only inside a ...