Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...
The Hacker News

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted ...
InfoWorld

27 questions to ask before choosing an LLM

From cost and performance specs to advanced capabilities and quirks, answers to these questions will help you determine the ...
Indianapolis Business Journal

EPA grants permit for proposed carbon storage project in Indiana

Denver-based Vault 44.01 and Cardinal Ethanol plan to jointly develop the One Carbon Partnership CCS project about 95 miles ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

Top open source AI platform Flowise hit by maximum-level security issue

A 10/10 Flowise bug was patched, but is now being abused in the wild.
GovInfoSecurity

Grafana AI Bug Leaks Data With Zero-Click Exploit

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.

China Is Obsessed With ‘Lobsters’ That Book Flights & Check Emails: Decoding AI Assistant OpenClaw

OpenClaw, an open-source AI agent with a red lobster logo, has sparked a nationwide craze in China in early 2026.Unlike ...

Microsoft Weekly: Start menu in rework again and Recall is on fire

Catch up with this week's Microsoft stories in the latest recap. Patch Tuesday updates, bugs, Start menu reworks, Recall ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
The Week

'Always-on agent' and AI pet 'Buddy': Anthropic’s Claude source code leak reveals hidden features

Anthropic's accidental leak has exposed Claude AI's internal code, revealing several unreleased features like Buddy, KAIROS and Dream mode ...