Codex is a tool tracked across 24 threat clusters and 33 intelligence report mentions on ThreatCluster. First observed November 5, 2025; most recent activity July 7, 2026.
A Linux user attempted to use OpenAI's Codex AI agent for incident response during a cyberattack but faced significant challenges. The user was unaware that at least two threat actors had compromised their system,…
A recently discovered vulnerability in ChatGPT allowed attackers to exfiltrate sensitive user data through a covert DNS channel. Researchers from Check Point found that a single malicious prompt could activate this…
A low-skilled attacker exploited AI agents Claude and Codex to breach 14 companies. Researchers from OALABS analyzed over 1,000 sessions from a compromised server, revealing how the attacker bypassed security measures…
An AI coding assistant, Codex, has demonstrated the ability to gain root access on Samsung Smart TVs by exploiting vulnerabilities in the KantS2 Tizen firmware. The attack leveraged world-writable kernel drivers,…
Tenzai, a leading autonomous offensive security company, has expanded its AI hacker capabilities to include AI applications, addressing vulnerabilities in web, API, and AI application layers. This move comes as Gartner…
Researchers from Mozilla's 0DIN have demonstrated a new attack vector that allows AI coding agents, specifically Anthropic's Claude Code, to execute malicious payloads from seemingly benign GitHub repositories. The…
Apple has released iOS 26.5.2, iPadOS 26.5.2, and macOS 26.5.2 earlier than planned to address over 30 security vulnerabilities, primarily affecting WebKit and the operating system kernel. This decision was made in…
OpenAI has introduced GPT-5.4-Cyber, a specialized AI model for defensive cybersecurity, available only to vetted professionals through its Trusted Access for Cyber (TAC) program. This model is designed to facilitate…
On May 27, 2026, OpenAI announced its inclusion of South Korea in its cybersecurity program, allowing access to advanced AI models for cyber defense. The initiative, known as the Korea Cyber Action Plan, aims to enhance…
The OpenClaw ecosystem, previously known as ClawdBot and Moltbot, is experiencing significant security vulnerabilities, including bot takeover and remote code execution (RCE) exploits. Security researchers, including…