A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access.

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and ...

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

Hackers injected credential-stealing malware into the Bitwarden CLI tool via a supply chain attack on the NPM package, ...

A cyber group is impersonating IT helpdesk staff via Microsoft Teams to deploy malware and target corporate systems.

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

The compromise of a version of Bitwarden's CLI is connected to the ongoing Checkmarx supply chain campaign, but differences in the operational methods of both incidents are making it difficult to ...

The Bitwarden security team confirms that a malicious version of the command-line client was briefly distributed.

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...

One victim thought she was buying a tractor that could help a man pay medical bills. But no, fraudsters hacked someone else's ...