Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating ...

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

Bitwarden CLI 2026.4.0 was compromised in a supply chain attack that targets crypto wallet keys, SSH keys, and CI/CD secrets.

Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one ...

The China-linked APT GopherWhisper has been using legitimate services and various Go-based backdoors in attacks.

TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer ...

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

Vercel confirmed a security incident involving unauthorized access to internal systems, stemming from a compromised ...

Hackers injected credential-stealing malware into the Bitwarden CLI tool via a supply chain attack on the NPM package, ...

Veeam Backup & Replication (VBR) continues to set the pace in enterprise data resilience. With v13 having landed in November ...

VectorCertain LLC today announced new validation results demonstrating that its SecureAgent platform successfully detected ...