Explore

Vercel Reports Customer Data Breach Predating Recent Hack, Expanding Security Concerns

Vercel Reports Customer Data Breach Predating Recent Hack, Expanding Security Concerns

Vercel Reports Customer Data Breach Predating Recent Hack, Expanding Security Concerns

Bitwarden CLI Compromised in Checkmarx Supply Chain Attack

Bitwarden CLI Compromised in Checkmarx Supply Chain Attack

The Bitwarden command-line interface (CLI) was compromised in a supply chain attack linked to Checkmarx. The attack involved a malicious version of the Bitwarden CLI being distributed via npm, exploiting a compromised GitHub Action in Bitwarden's CI/CD pipeline. The malicious code, found in the package version @bitwarden/cli@2026.4.0, was designed to steal developer secrets and exfiltrate data to private domains. The attack highlights vulnerabilities in software supply chains, particularly in CI/CD environments.

Bitwarden CLI Compromised in Checkmarx Supply Chain Attack, Exposing Developer Secrets

Bitwarden CLI Compromised in Checkmarx Supply Chain Attack, Exposing Developer Secrets

Bitwarden CLI has been compromised as part of an ongoing supply chain attack orchestrated by Checkmarx, according to findings from JFrog and Socket. The attack involved a malicious version of the Bitwarden CLI package, specifically version @bitwarden/cli@2026.4.0, which was distributed through npm. The malicious code, embedded in a file named 'bw1.js', was executed via a preinstall hook, leading to the theft of sensitive data such as GitHub/npm tokens, .ssh, .env files, and shell history. This data was exfiltrated to a domain impersonating Checkmarx and a GitHub repository. The attack leveraged a compromised GitHub Action in Bitwarden's CI/CD pipeline, similar to other affected repositories in the campaign. The threat actor, suspected to be TeamPCP, used the stolen tokens to inject malicious workflows into repositories, potentially compromising CI/CD pipelines. Bitwarden confirmed the incident but stated that no end-user data was accessed.

Trusted Relationships Become New Attack Surface in Email Security Threats

Trusted Relationships Become New Attack Surface in Email Security Threats

Trusted Relationships Become New Attack Surface in Email Security Threats

Supply Chain Worm Targets npm Packages to Steal Developer Tokens

Supply Chain Worm Targets npm Packages to Steal Developer Tokens

Supply Chain Worm Targets npm Packages to Steal Developer Tokens

Bitwarden Faces Supply Chain Attack, No User Data Compromised

Bitwarden Faces Supply Chain Attack, No User Data Compromised

Bitwarden, a password manager, experienced a supply chain attack involving its command-line interface (CLI) distributed via the Node package manager (npm). The attack was identified by security researchers from Socket and JFrog, affecting the @bitwarden/cli@2026.4.0 version for 93 minutes on April 22, 2026. Bitwarden confirmed the incident, stating that no end-user vault data was accessed and production systems remained uncompromised. The attack involved a malicious payload introduced through a compromised GitHub Action in Bitwarden's CI/CD pipeline, executed automatically when developers ran npm install. The malware targeted various credentials, including GitHub tokens and cloud credentials, and exfiltrated data to an attacker-controlled domain. The attack was part of a broader campaign by the threat actor group TeamPCP, which had previously targeted Checkmarx's infrastructure.

WordPress Plugins Compromised by Backdoor Installation, Affecting Users

WordPress Plugins Compromised by Backdoor Installation, Affecting Users

WordPress Plugins Compromised by Backdoor Installation, Affecting Users

Vercel Confirms Cyber Incident, Sensitive Data Potentially Compromised

Vercel Confirms Cyber Incident, Sensitive Data Potentially Compromised

Vercel Confirms Cyber Incident, Sensitive Data Potentially Compromised

Vercel Faces Security Breach, Advises Customers on Secrets Rotation

Vercel Faces Security Breach, Advises Customers on Secrets Rotation

Vercel, a cloud application deployment platform, has reported a security incident involving unauthorized access to some of its internal systems. The breach appears to be a supply chain attack, and Vercel is advising its customers to rotate their secrets, such as API keys and database credentials. The incident was linked to a compromise of a third-party AI tool integrated with Vercel's environment, which granted attackers privileged access. The company is investigating the breach with the help of experts and law enforcement, and has published an indicator of compromise for affected users. Vercel's CEO, Guillermo Rauch, stated that the number of impacted customers is limited, though the compromise potentially affected hundreds of users across various organizations.

Vercel Security Breach Linked to Third-Party Malware Attack

Vercel Security Breach Linked to Third-Party Malware Attack

Vercel, a company known for maintaining Next.js and other open-source libraries, has reported a security breach resulting from a third-party malware attack. The breach originated from a Context.ai employee's computer infected with Lumma Stealer malware, disguised as Roblox cheats. This allowed attackers to access Context's AWS environment and OAuth tokens, including a token for a Vercel employee's Google Workspace account. The attackers used this access to compromise Vercel's systems, affecting a limited number of customers. Vercel has advised impacted customers to rotate credentials and is investigating the breach with CrowdStrike and Mandiant.

Vercel Confirms Security Breach Affecting Customer Data Through Context AI

Vercel Confirms Security Breach Affecting Customer Data Through Context AI

Vercel Confirms Security Breach Affecting Customer Data Through Context AI

Progress Software Addresses Critical Vulnerabilities in MOVEit WAF and LoadMaster

Progress Software Addresses Critical Vulnerabilities in MOVEit WAF and LoadMaster

Progress Software Addresses Critical Vulnerabilities in MOVEit WAF and LoadMaster