Bitwarden confirmed its CLI npm package was compromised for 93 minutes on April 22, 2026, in a sophisticated supply chain attack linked to the recent Checkmarx breach. Attackers published a malicious ...

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...

TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.