Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
Security Boulevard

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...
Hosted on MSN

Bitwarden CLI npm package breached in supply chain attack

A malicious version of Bitwarden's CLI password manager was briefly distributed via npm after attackers exploited a compromised GitHub Action, in a campaign linked to the Checkmarx supply chain attack ...
The Hacker News

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

ThreatsDay Bulletin: active exploits, supply chain attacks, AI abuse, and stealth data risks observed this week.
CSO Online

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...
WUNC

The Case For Taking Humor Seriously Transcript

This is a minimally-edited transcript that originates from a program that uses AI. Anita Rao This is Embodied, from PRX and WUNC. I’m Anita Rao. Comedian Chris Duff ...

Password safe Bitwarden: Command-line client trojanized

The Bitwarden security team confirms that a malicious version of the command-line client was briefly distributed.
Hosted on MSN

Microsoft 365 Copilot shifts to agentic AI with EU data routing concerns

Microsoft has made its 365 Copilot an agentic AI by default, enabling it to perform in-app actions autonomously across Word, Excel, and other tools. Alongside this upgrade, a new 'flex routing' ...