Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating ...

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

Bitwarden CLI 2026.4.0 was compromised in a supply chain attack that targets crypto wallet keys, SSH keys, and CI/CD secrets.

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one ...

The China-linked APT GopherWhisper has been using legitimate services and various Go-based backdoors in attacks.

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer ...

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

Vercel confirmed a security incident involving unauthorized access to internal systems, stemming from a compromised ...

Hackers injected credential-stealing malware into the Bitwarden CLI tool via a supply chain attack on the NPM package, ...

Veeam Backup & Replication (VBR) continues to set the pace in enterprise data resilience. With v13 having landed in November ...