Infosecurity Magazine

Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across ...
DataBreachToday

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...
Security Boulevard

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
Security Boulevard

Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign

The compromise of a version of Bitwarden's CLI is connected to the ongoing Checkmarx supply chain campaign, but differences in the operational methods of both incidents are making it difficult to ...
Cybernews

Checkmarx hit again, popular tools spreading credential-stealing malware

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...
Blue Headlineq

GitHub’s Supply Chain Warning Is Really About Secret Theft, Not Just Bad Packages

GitHub says modern supply-chain attacks increasingly start with secret exfiltration from GitHub Actions, not just poisoned packages further downstream.