Hackers injected credential-stealing malware into the Bitwarden CLI tool via a supply chain attack on the NPM package, ...

OpenAI is rolling out GPT-5.5 in Codex, with a 400K context window and higher coding benchmark scores than GPT-5.4.

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across ...

The compromise of a version of Bitwarden's CLI is connected to the ongoing Checkmarx supply chain campaign, but differences in the operational methods of both incidents are making it difficult to ...

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...