The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
GitHub

roots-fortran-27-rbp-method__opencode-gpt-oss-120b-q4km-128k.json

"summary": "The patch fails to build and validator compilation fails: a duplicate `public` access specifier on `root_method_rbp` causes `fpm build` to error out, so ...
GitHub

roots-fortran-26-itp-method-fix__opencode-nemotron-120b-a12b-q4km-32k.json

"summary": "The patch attempts to handle f(a) > f(b) by negating ya and yb at initialization, but leaves the rest of the ITP routine (which re-evaluates me%f and compares yitp against 0) unchanged.
Visual Studio Magazine

VS Code 1.122 Lets BYOK Work Without GitHub Sign-In

Microsoft's May 2026 VS Code update makes BYOK usable in restricted environments while adding agent, browser and issue-reporting updates.