The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

Dev targeted by sophisticated job scam: 'I let my guard down, and ran the freaking code'

A recruiter claiming to work for a blockchain firm called Genusix Labs invited Boris Vujičić, a web developer based in Serbia ...
Cybernews

Checkmarx hit again, popular tools spreading credential-stealing malware

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...

Password safe Bitwarden: Command-line client trojanized

The Bitwarden security team confirms that a malicious version of the command-line client was briefly distributed.

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...
The Hacker News

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

ThreatsDay Bulletin: active exploits, supply chain attacks, AI abuse, and stealth data risks observed this week.
Hosted on MSN

Bitwarden CLI npm package hijacked in 93-minute supply chain breach

Bitwarden confirmed its CLI npm package was compromised for 93 minutes on April 22, 2026, in a sophisticated supply chain attack linked to the recent Checkmarx breach. Attackers published a malicious ...