{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreia7gpvoimtbzzgh6lcukwexnpexlve3yepc2ksdciedc27oeymyom",
    "uri": "at://did:plc:xb5etev7ncohgebas3kjeqek/app.bsky.feed.post/3mn7q2vbhk6o2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreidshsltv7j63pbbiwn636vz6u6blciph6qb3ihp5wrpv7hzeeosne"
    },
    "mimeType": "image/png",
    "size": 458995
  },
  "path": "/codex-ui-tool-secretly-stole-openai-refresh-tokens/",
  "publishedAt": "2026-05-31T14:54:04.000Z",
  "site": "https://hackread.com",
  "tags": [
    "Security",
    "Artificial Intelligence",
    "Android",
    "Codex UI",
    "Cybersecurity",
    "GitHib",
    "NPM",
    "OpenAI",
    "OpenAI Codex",
    "Scam",
    "Typosquatting"
  ],
  "textContent": "A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks.",
  "title": "27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens"
}