Home / Apps / OpenAI Codex Command Injection Vulnerability Let Attackers Steal GitHub User…
OpenAI Codex Command Injection Vulnerability Let Attackers Steal GitHub User Access Tokens
cybersecuritynews.com Apr 7, 2026

OpenAI Codex Command Injection Vulnerability Let Attackers Steal GitHub User Access Tokens

Curated by · TechCapsules ·

AI-summarised brief · reviewed before publication

A critical vulnerability in OpenAI Codex allowed attackers to steal GitHub User Access Tokens by exploiting a command-injection flaw. Researchers discovered that the system failed to sanitize input properly, enabling attackers to inject shell commands into GitHub branch names. This exposed sensitive tokens, which could be used to compromise multiple users and access entire task histories, including GitHub access tokens.

Apps Cybersecurity OpenAI Windows
Read full article on cybersecuritynews.com
More in Apps →
Microsoft still can’t make Windows 11’s New Outlook work offline because it refuses to go native
windowslatest.com · Jun 18

Microsoft still can’t make Windows 11’s New Outlook work offline because it…

Microsoft is struggling to make Windows 11's new Outlook work offline due to its web-based approach. The new Outlook is a web app that loads Outlook.com in a WebView2 container, similar to opening Outlook in an Edge tab. A recent update has added the ability to attach files while offline, a feature that has been available in the classic Outlook desktop app. The update also allows users to access more emails offline, with options to save up to 1 or 2 years of email on their device. Microsoft's refusal to create a native app is hindering the development of full-fledged offline support. The new features are rolling out widely, but the app still consumes more disk space compared to Outlook Classic.

💡 Microsoft's inability to deliver seamless offline support undermines the reliability of its enterprise email product. Limited offline capabilities can hinder productivity in areas with poor internet connectivity.

How to turn off AI in your Google Docs
techcrunch.com · Jun 18

How to turn off AI in your Google Docs

A Google Docs user encountered an AI pop-up inviting them to "write with Gemini" and struggled to remove it, prompting them to write an article on how to disable the feature. The AI assistant, Gemini, is part of Google's smart features, which can be disabled through Gmail settings. To turn off Gemini, users can access their Gmail settings and disable smart features, preventing AI pop-ups from appearing in Google Docs. This solution allows users to avoid individually disabling each AI feature. The process is straightforward, providing relief to users who find the AI pop-ups disruptive. Google Docs users can now disable Gemini and other smart features easily.

💡 Disabling smart features gives users control over their writing experience, allowing them to work without AI interruptions. By doing so, users can maintain focus and productivity in Google Docs.

Gemini for Android using Bubbles to let you multitask & continue chats
9to5google.com · Jun 18

Gemini for Android using Bubbles to let you multitask & continue chats

The Gemini overlay on Android has introduced Bubbles to enable multitasking and continuous conversations. Users can access this feature by starting a conversation from the Gemini overlay, which then minimizes into a Bubble featuring the spark logo when the screen is tapped elsewhere. Tapping the Bubble expands it back into the full Gemini overlay, allowing users to resume their conversation. This update aims to let users keep talking to Gemini while performing other tasks. The feature is currently available on Android 17 QPR1 Beta, although its wider rollout has not been confirmed. The update brings a similar experience to Gemini Live's floating waveform circle.

💡 By integrating Bubbles, Gemini enhances its usability and convenience, allowing for seamless conversation continuity. This streamlined experience strengthens Gemini's assistive capabilities.

Windows 11 KB5094126, KB5093998 bugging out Office apps but it may not be Microsoft’s fault
neowin.net · Jun 17

Windows 11 KB5094126, KB5093998 bugging out Office apps but it may not…

Microsoft released Windows 11 Patch Tuesday updates, KB5094126 and KB5093998, along with dynamic updates. However, users have reported various issues, including problems with OneDrive and Dropbox access, BitLocker recovery lockouts, and blue screens. Microsoft has acknowledged a bug affecting third-party applications' ability to launch Microsoft Office apps or open Office documents after installing the updates. The issue impacts Windows 11 and Windows 10, and Microsoft is working on a resolution. A workaround is available for affected users, and enterprise customers can contact Microsoft Support for additional assistance.

💡 Microsoft's acknowledgment of the bug highlights the complex interplay between its own software and third-party applications, which rely on OLE automation to interact with Office apps. The disruption caused by this bug underscores the importance of stable software integration in business and professional workflows, where seamless communication between applications is crucial.

What Is BGP Hijacking? Pavel Durov Accuses Reliance of Using This Routing Exploit Against Telegram
latestly.com · Jun 17

What Is BGP Hijacking? Pavel Durov Accuses Reliance of Using This Routing…

Pavel Durov, Telegram's CEO, has accused Indian telecom major Reliance of disrupting global access to the messaging app through alleged BGP hijacking. This internet routing exploit has affected millions of users outside India, including in the UAE. BGP hijacking occurs when an autonomous system falsely announces ownership of IP address ranges it does not control, causing traffic rerouting, slowdowns, or blackholing. The incident has renewed concerns over internet routing security, corporate competition, and vulnerabilities in global network infrastructure.

💡 Reliance's alleged BGP hijacking may be a symptom of a broader competitive war in the Indian tech industry, where companies are increasingly using aggressive tactics to gain an advantage. The incident highlights the need for robust internet routing security measures to prevent such exploits and protect global users from disruptions.

X down: Thousands of users facing issues with Elon Musk’s social media platform
digit.in · Jun 17

X down: Thousands of users facing issues with Elon Musk’s social media…

Elon Musk's social media platform X is experiencing a massive outage, with over 3,000 users in the US reporting issues on Downdetector. Approximately 46% of users are facing app-related problems, while 34% are experiencing feed/timeline issues and 12% are having website issues. The outage started around 7:30 AM, and users are taking to Downdetector to share their experiences. The company has not yet released an official statement regarding the outage. Users are unable to access the platform, which is unusual as X is often used for live updates and reactions. The outage is currently unresolved.

💡 Users are losing their primary space for live reactions and updates, forcing them to rely on alternative platforms. The outage undermines X's role as a real-time information hub.