OpenAI Codex Exposes GitHub Tokens Via Command Injection
Phantom Labs, the research arm of BeyondTrust, reported on March 30, 2026 that a command-injection vulnerability in OpenAI’s Codex could expose short-lived GitHub OAuth tokens by manipulating branch names during task…