The hidden VS Code tool has replaced the terminal for me.

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...

As supply chain attacks surge and AI lowers the barrier to malware, the cybersecurity unicorn moves security directly onto ...

A malicious version of Bitwarden's CLI password manager was briefly distributed via npm after attackers exploited a compromised GitHub Action, in a campaign linked to the Checkmarx supply chain attack ...

Bootstrapped by three founders, Osirus brings Chat, Search, Image, Video, Speech, Storage, and a full Agent Studio under one roof - powered by every major AI provider, including AWS Bedrock, Google, ...

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.