Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
CoinDesk

JPMorgan says persistent security flaws curb DeFi’s institutional appeal

A $20 billion hit from the KelpDAO exploit highlights systemic risks, while flat ETH-denominated growth and a shift to ...
Computer Weekly

Boost cooks up SmokedMeat, open source framework for CI/CD pipelines protection

Boost Security has announced SmokedMeat, an open source red team framework for CI/CD pipelines that shows how attackers ...
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Security Boulevard

500,000 Vulnerabilities, 14 That Matter: How Exploit Chain Analysis Cuts Through the Noise

When 500,000 Findings Hide 14 Real Threats Modern enterprises ingest vulnerability data from dozens of sources: endpoint ...
TechRound

What Do AI Experts Think About Claude Mythos?

Anthropic announced Claude Mythos Preview earlier this month, presenting it as a frontier model with cyber skills that ...

Microsoft’s Windows Recall still allows silent data extraction

A cybersecurity researcher says Recall’s redesigned security model does not stop same-user malware from accessing plaintext ...
Dark Reading

EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses

Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not ...

Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days

Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.
The Hacker News

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

Stay ahead of the logs with our Monday Recap. We break down active Adobe 0-days, North Korean crypto stings, and critical CVEs you need to patch today ...
CNX Software

Linux 7.0 Release – Main changes, Arm, RISC-V, and MIPS architectures

The last week of the release continued the same “lots of small fixes” trend, but it all really does seem pretty benign, so I’ve tagged the final 7.0 and pushed it out. I suspect it’s a lot of AI tool ...