Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
The Hacker News

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.
Bleeping Computer

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. Bitwarden ...
Hosted on MSN

Minecraft Java edition code no longer obfuscated

Minecraft, created by Markus "Notch" Persson long before it became the most successful game of all time and a $2bn payday to Microsoft, was written in Java. Notch obfuscated the code to prevent others ...
heise online

Password safe Bitwarden: Command-line client trojanized

Between 11:57 PM on April 22nd and 1:30 AM on April 23rd German time (5:57 PM to 7:30 PM ET), the npm package @bitwarden/cli in version 2026.4.0 was distributed with malware. This manipulated version ...