Bitwarden has confirmed a serious security incident in which a compromised product was made public. Here's why most users ...

Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across ...

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, but this newly discovered one is among the more refined. It exploits not only ...