Bloomberg L.P.

API Library

Supported Releases: These releases have been certified by Bloomberg’s Enterprise Products team for use by Bloomberg customers. Experimental Releases: These releases have not yet been certified for use ...
CSO Online

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
Security Boulevard

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

Etherpad 2.7.0: Collaborative web editor without cloud dependency

Etherpad is a self-hostable web editor written in Node.js for real-time collaborative writing – functionally comparable to ...

Vercel security breach explained: How a third-party AI tool exposed internal systems and ...

Vercel confirmed a security incident involving unauthorized access to internal systems, stemming from a compromised ...