The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

The compromise of a version of Bitwarden's CLI is connected to the ongoing Checkmarx supply chain campaign, but differences in the operational methods of both incidents are making it difficult to ...

As the hubbub around cryptocurrencies continues to grow, so, too do the ways that more nefarious folks can exploit clueless individuals. And one coder has shown how you could be at risk when browsing ...

Collectively, the extensions amassed about 20,000 installs in the Chrome Web Store. All 108 extensions route stolen ...

According to Socket, the extensions (complete list here) are published under five distinct publisher identities – Yana ...

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

The ingenious engine of web dev simplicity goes all-in with the Fetch API, native streaming, Idiomorph DOM merging, and more.

Browser extensions are mostly harmless, but unfortunately, these Chrome extensions are the opposite, and pose imminent risk ...

LinkedIn is facing two lawsuits over its practice of scanning users’ browsers to determine which extensions they’re running. Two class action complaints were filed by different law firms on behalf of ...

A credit card skimmer campaign discovered in early 2025 and still actively tracked as of April 2026 has compromised an ...