The Bitwarden security team confirms that a malicious version of the command-line client was briefly distributed.

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...

Elastic Security Labs quickly spotted the unfolding supply-chain attack that backdoored the popular JavaScript library Axios, ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

I finally quit using Google Chrome as my default web browser in favor of an open source alternative, and I’m not looking back ...

GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.

A newly disclosed security flaw in Axios, one of the most widely used HTTP client libraries in the JavaScript ecosystem, has raised concern across software and cloud security teams after official ...

Last week, something alarming happened in the world of software — and almost nobody outside the tech industry noticed. A ...

Claurst is an open-source, multi-provider terminal coding agent built from the ground up in Rust. It started as a clean-room reimplementation of Claude Code's behavior (from spec) and has since ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...