Checkmarx-style supply chain attack hits password manager Bitwarden

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
The Hacker News

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

ThreatsDay Bulletin: active exploits, supply chain attacks, AI abuse, and stealth data risks observed this week.
Cybernews

Checkmarx hit again, popular tools spreading credential-stealing malware

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...
Security Boulevard

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...

Mosyle identifies two new macOS threats invisible to antivirus engines

After exclusively sharing details with 9to5Mac last September on ModStealer, a cross-platform infostealer invisible to every major antivirus engine ...
adtmag.com

Git 2.54 Adds New History-Editing Tools and Maintenance Updates

The open-source Git project has released Git 2.54, the latest version of the widely used distributed version control system for tracking changes in software projects. This release adds a new ...

I tested Surfshark's new Dausos VPN protocol - here's how it compares to WireGuard

The new protocol was built for 'better security and barrier-breaking speeds.' I tested whether it can compete with WireGuard ...