Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...
Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...
Bitwarden CLI 2026.4.0 was compromised in a supply chain attack that targets crypto wallet keys, SSH keys, and CI/CD secrets.
The China-linked APT GopherWhisper has been using legitimate services and various Go-based backdoors in attacks.
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer ...
Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...
Cybersecurity experts have reported a coordinated attack involving 108 Google Chrome extensions that steal user data and ...
Over 108 Google Chrome extensions have been implicated in a coordinated data theft, compromising Google and Telegram user ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results