Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Trigona ransomware attacks use custom exfiltration tool to steal data

Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised ...

Ubuntu Resolute Raccoon spits out Xorg, but still lets you run X11 apps

This release of Ubuntu Server brings fresh versions of multiple developer tools. Java gets OpenJDK 25 LTS with CRaC, and ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.