The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
A malicious version of Bitwarden's CLI password manager was briefly distributed via npm after attackers exploited a compromised GitHub Action, in a campaign linked to the Checkmarx supply chain attack ...
Bitwarden confirmed its CLI npm package was compromised for 93 minutes on April 22, 2026, in a sophisticated supply chain attack linked to the recent Checkmarx breach. Attackers published a malicious ...
Last week, something alarming happened in the world of software — and almost nobody outside the tech industry noticed. A ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign. Threat actors have been abusing credentials stolen in the VS Code GlassWorm campaign to hack ...
The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name. A ...
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package with the intent to target GitHub-owned ...
An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. The activity started in ...
Suppose the following package structure: Then, performing "Run as > JUnit Test" on the com.example.a package will also run all Tests inside the com.example.ab package. This behaviour deviates from how ...
Community driven content discussing all aspects of software development from DevOps to design patterns. Whenever I prep for a certification exam, I don’t aim to scrape by. I gear up to own the exam ...