A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Fake SSA email urges downloads with urgent warning. Learn key red flags and how to protect your data before it’s too late.

UNC6692 has been attributed to a large email campaign that's designed to overwhelm a target's inbox with a flood of spam ...

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian ...

Fake Antigravity downloads are enabling fast account takeovers using hidden malware and stolen session cookies.

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

Google Antigravity’s increasing popularity has brought the development platform into the crosshairs of researchers and ...

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

Scammers built a convincing fake Windows update site that installs password-stealing malware. Learn how the multi-stage attack works and how to stay safe.

Bybit's Security Operations Center disclosed a macOS malware campaign using SEO poisoning to target developers searching for ...