The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
InfoQ

Pulumi Adds Full Bun Runtime Support

Pulumi has announced that Bun is now a fully supported runtime for Pulumi, going beyond its previous role as merely a package ...

Claude Code unintentionally open source: Source map reveals all

The source code of Anthropic's CLI tool Claude Code was accidentally made publicly accessible via a source map in the npm registry.

Password safe Bitwarden: Command-line client trojanized

The Bitwarden security team confirms that a malicious version of the command-line client was briefly distributed.
Cinema Blend

Backrooms: Release Date, Cast And Other Things We Know About The A24 Horror Movie

A movie we would to noclip into. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. The thought of being trapped in an unfamiliar, or even ...
Cybernews

Axios patches critical vulnerability that allows attackers to steal cloud credentials

Axios, a widely used JavaScript library, is affected by a new critical vulnerability that enables attackers to chain exploits ...