The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...

A malicious version of Bitwarden's CLI password manager was briefly distributed via npm after attackers exploited a compromised GitHub Action, in a campaign linked to the Checkmarx supply chain attack ...

Bitwarden has confirmed a serious security incident in which a compromised product was made public. Here's why most users ...

Bitwarden confirmed its CLI npm package was compromised for 93 minutes on April 22, 2026, in a sophisticated supply chain attack linked to the recent Checkmarx breach. Attackers published a malicious ...

Tons of users are reporting their Facebook Create React App builds are failing since yesterday. The cause has been traced down to a dependency used by create-react-app, the latest version of which is ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

Package manifests in the npm registry are not validated against metadata files in the package itself, leaving the door open for attackers. The npm (Node Package Manager) ecosystem of JavaScript ...

Microsoft is acquiring Node package manager npm Inc., officials announced on March 16. (Neither company is sharing the purchase price.) Microsoft plans to integrate GitHub with npm with the intent of ...