npm supply chain
- Malicious node-ipc versions found stealing cloud and developer secrets
Three malicious node-ipc npm versions were found stealing developer and cloud secrets, according to a technical analysis by Socket. The code targets dozens of credential types and uses a direct exfiltration path to a fake Azure domain.
- Bitwarden CLI hit by npm supply chain compromise in Checkmarx-linked campaign
Bitwarden said its CLI package was briefly compromised on npm on April 22, 2026, in a supply chain attack that targeted developer secrets and CI/CD credentials through version 2026.4.0.


