Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...
CSO Online

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...
XDA Developers on MSN

Codex CLI felt safer than Claude Code, but it cost me my flow

Not a replacement, but not dismissible either.
XDA Developers on MSN

I built an app with both Codex and Claude Code, and only one made me want to keep using it

PSA: the tool you code with matters more than the code itself.
The New York Times

The Best Smart Security Devices to Make Your New Home Feel Safe

We independently review everything we recommend. When you buy through our links, we may earn a commission. Learn more› By Rachel Cericola Rachel Cericola is a writer covering smart home. In addition ...