As supply-chain attacks against widely used open-source software repositories continue, experts are urging developers to not ...
The compromise of a version of Bitwarden's CLI is connected to the ongoing Checkmarx supply chain campaign, but differences in the operational methods of both incidents are making it difficult to ...
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...
Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...
Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
A growing range of native macOS features are being repurposed by attackers to execute code, move laterally and evade ...
North Korean hackers used AppleScript and ClickFix in recent attacks targeting macOS systems at financial organizations.
Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...
Hamster Kombat has rapidly grown into one of the most widely recognised tap-based games since its launch in 2024, attracting ...
A slew of updates from Cloudflare includes its Mesh private networking fabric for AI agents and its Registrar API interface, ...