InfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
InfoWorld

Compromised npm package silently installs OpenClaw on developer machines

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
Gadget Review on MSN

Bitwarden confirms compromise: What 10 million users need to know

Bitwarden confirmed a 93-minute CLI tool breach affecting only 334 users while password vaults remained secure and encrypted ...