Supply Chain Attack
X @BSCN
BSCN· 2026-04-23 16:21
BITWARDEN CLI COMPROMISED IN SUPPLY CHAIN ATTACK, DEVELOPERS URGED TO ROTATE SECRETS IMMEDIATELY
The @Bitwarden CLI npm package version 2026.4.0 was compromised between 5:57 PM and 7:30 PM ET on April 22, after attackers breached a GitHub Action in Bitwarden's CI/CD pipeline and pushed a malicious build. This affects developers who use bitwarden/cli in CI/CD pipelines or dev machines, not regular Bitwarden password manager users. The core vault and end-user data were not touched.
The payload is the self-propa ...
X @BSCN
BSCN· 2026-04-20 19:25
CISA ISSUES FORMAL ALERT ON AXIOS NPM SUPPLY CHAIN COMPROMISE THREE WEEKS AFTER ATTACK
The US Cybersecurity and Infrastructure Security Agency (@CISACyber) published a formal alert today on the March 31 supply chain attack against axios, the JavaScript HTTP client library with over 100 million weekly downloads. Microsoft and Google attributed the campaign to North Korean state actors tracked as Sapphire Sleet and UNC1069.
Compromised versions axios @ 1.14.1 and axios @ 0.30.4 injected a fake dependency, plain ...
X @BNB Chain
BNB Chain· 2026-03-31 08:39
RT HashDit | now with Pro Extension (@HashDit)
CRITICAL HashDit Alert 🚨🚨 : axios npm supply chain attack (March 31, 2026)
Attacker hijacked the maintainer's npm account & published malicious versions:
❌ axios@1.14.1
❌ axios@0.30.4
These drop a RAT on macOS/Windows/Linux via postinstall script.
✅ Downgrade NOW:
- npm install axios@1.14.0 (or 0.30.3 for 0.x)
Check if affected:
- npm list axios | grep -E "1\.14\.1|0\.30\.4"
- If infected → rotate ALL secrets (npm, GitHub, AWS, SSH keys)
- C2 still active. 100M+ weekly do ...
X @Nick Szabo
Nick Szabo· 2025-10-23 04:23
RT Lili H (@LiliH65289916)
Core v30 is a supply chain attack on Bitcoin.
Many of you should be familiar with the SolarWinds supply chain attack back in 2020. The hacker penetrated SolarWinds' supply chain and planted a backdoor into the package that would be downloaded by customers worldwide. The same methodology can be seen in Core v30. ...
X @Cointelegraph
Cointelegraph· 2025-08-05 07:00
⚡️ INSIGHT: Crypto exchange BigONE lost $27M in a sophisticated supply chain attack without private keys being compromised on July 16th.
How did this happen? https://t.co/Mgr7Eufw3Y ...