Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may already have impacted 10% of cloud environments. On Monday, a threat actor ...

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...

Forbes contributors publish independent expert analyses and insights. A serious security breach has sent shockwaves through both everyday online services and the cryptocurrency world. At the center is ...

A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a QR code as part of its obfuscation strategy, ultimately aiming to steal ...