Bitwarden CLI 2026.4.0 was compromised in a supply chain attack that targets crypto wallet keys, SSH keys, and CI/CD secrets.

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate ...

Hackers injected credential-stealing malware into the Bitwarden CLI tool via a supply chain attack on the NPM package, ...

Bitwarden’s command-line interface package was briefly poisoned through npm after attackers abused a GitHub Actions workflow in its software release pipeline, turning a trusted password-management ...

Vercel has confirmed a security breach linked to a compromised third-party AI tool, exposing some environment variables and ...

Microsoft's Data API Builder is designed to help developers expose database objects through REST and GraphQL without building a full data access layer from scratch. In this Q&A, Steve Jones previews ...

ThreatsDay Bulletin: active exploits, supply chain attacks, AI abuse, and stealth data risks observed this week.

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

OpenAI is capping off a busy week of announcements with the release of GPT-5.5, its latest model upgrade for ChatGPT and Codex. The company calls its new model “a new class of i ...

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...