Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...
Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...
The China-linked APT GopherWhisper has been using legitimate services and various Go-based backdoors in attacks.
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
Bitwarden CLI 2026.4.0 was compromised in a supply chain attack that targets crypto wallet keys, SSH keys, and CI/CD secrets.
Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer ...
Cybersecurity experts have reported a coordinated attack involving 108 Google Chrome extensions that steal user data and ...
Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...
Over 108 Google Chrome extensions have been implicated in a coordinated data theft, compromising Google and Telegram user ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results