Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
Bleeping Computer

Latest Multi-Factor Authentication news

Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass.

Google is making it dramatically easier to sign in to apps without OTP or link hassles

Google now lets Android apps verify your email in one tap, no OTP codes and no inbox hunting. Here's how the new Credential Manager API works.