CSO Online

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

Vercel security breach explained: How a third-party AI tool exposed internal systems and what it means for developers

Vercel confirmed a security incident involving unauthorized access to internal systems, stemming from a compromised ...
Security Boulevard

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...
Cybernews

Bitwarden CLI compromised in supply chain attack: hundreds of developers have installed malware

Hackers injected credential-stealing malware into the Bitwarden CLI tool via a supply chain attack on the NPM package, ...