Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
CSO Online

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
InfoQ

npmx Reaches Alpha: Community Driven Alternative Browser for the npm Registry

Daniel Roe and over 250 contributors. It emphasizes speed and features absent in the official npmjs.com interface, such as ...

TuxCare’s Senior Developer Advocate To Speak at JAX 2026

PALO ALTO, CA, UNITED STATES, April 30, 2026 /EINPresswire.com/ -- TuxCare, a global innovator in securing open source, ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Infosecurity Magazine

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes ...
Analytics Insight

Top YouTube Channels for Node.js in 2026: Best Picks

Popular channel offering practical Node.js tutorials, REST API projects, and backend fundamentals with clear explanations ...
Appuals

Fix: You’ll need a new app to open this windowsdefender link

"You'll need a new app to open this windowsdefender link" appears when Windows cannot open the Windows Security app using the ...