Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...
SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
Daniel Roe and over 250 contributors. It emphasizes speed and features absent in the official npmjs.com interface, such as ...
The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results