A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

Bitwarden has confirmed a serious security incident in which a compromised product was made public. Here's why most users ...

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

For context, npm is like an app store for code, facilitating speedy development by enabling managing and reusing code instead ...

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...

The compromise of a version of Bitwarden's CLI is connected to the ongoing Checkmarx supply chain campaign, but differences in the operational methods of both incidents are making it difficult to ...

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

A malicious version of Bitwarden's CLI password manager was briefly distributed via npm after attackers exploited a compromised GitHub Action, in a campaign linked to the Checkmarx supply chain attack ...

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

Bitwarden CLI 2026.4.0 was compromised in a supply chain attack that targets crypto wallet keys, SSH keys, and CI/CD secrets.

Anthropic fixed a significant vulnerability in Claude Code's handling of memories, but experts caution that memory files will ...