OpenAI Codex kullanıcıları, kimlik doğrulama belirteçlerini çalan zararlı npm paketleri ve Android uygulamaları aracılığıyla hedef alınıyor. Saldırganlar, çalınan belirteçlerle hesaplara izinsiz erişim sağlıyor.
Red Hat's official NPM accounts were compromised, allowing a malicious worm named Shai-Hulud to spread and steal sensitive credentials like GitHub secrets and npm tokens. The attack targeted CI/CD systems, and while Red Hat claims no customer impact, researchers advise treating affected systems as compromised.
OpenAI's internal development environment was breached by hackers using compromised TanStack npm package, affecting employee devices and limited code repositories, but no customer data or production systems were compromised.
Zahlreiche TanStack-Pakete auf npm haben eine Supply-Chain-Attacke erlitten, offenbar im Rahmen der Angriffswelle „Mini Shai-Hulud“.
Mehrere npm-Pakete von SAP waren einer Supply‑Chain‑Attacke ausgesetzt. Dahinter steckt die Hackergruppe TeamPCP, sagen Sicherheitsforscher.
Kleine, aber interessante Meldungshäppchen vom News-Buffet zu Apache Camel, pnpm, npm, Firestore, Python, Ghostty, Arduino App Lab und SkiaSharp.
A malicious version of the Bitwarden CLI was distributed via npm for 93 minutes on April 22. The attack, linked to a broader supply chain campaign, targeted infrastructure credentials rather than vault data, highlighting critical vulnerabilities in CI/CD release pipelines.
On April 22, 2026, a malicious version of Bitwarden's CLI was published to npm under the official @bitwarden/cli package name for 93 minutes. The backdoored package targeted infrastructure credentials including GitHub tokens, SSH keys, AWS/GCP/Azure credentials, and GitHub Actions secrets rather than Bitwarden vaults. Bitwarden removed the package and found no evidence of vault data access. Security researchers determined the attack exploited a compromised GitHub Action in Bitwarden's CI/CD pipeline, connected to the broader Checkmarx supply chain campaign.
On April 22, 2026, a malicious version of Bitwarden's command-line interface was published to npm under the official package name @bitwarden/[email protected], remaining available for 93 minutes. The compromised package targeted infrastructure credentials including GitHub tokens, npm tokens, SSH keys, AWS/GCP/Azure credentials, and GitHub Actions secrets. Security firm JFrog analyzed the payload and found it had no interest in Bitwarden vaults—only in credentials governing build, deployment, and infrastructure automation. Bitwarden confirmed the incident is connected to the broader Checkmarx supply chain campaign and found no evidence of end-user vault access or production system compromise.
