#Credential Theft
Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack
Security researchers at Socket have confirmed that the official Bitwarden CLI npm package (version 2026.4.0) was tampered with via a compromised GitHub Actions workflow, injecting credential-stealing malware as...
Checkmarx KICS Docker Hub Repo Hijacked: Trojanized Images and VS Code Extensions Harvest Developer Secrets
Attackers overwrote official Checkmarx KICS tags on Docker Hub and weaponized its VS Code extensions to deploy a credential stealer that exfiltrates GitHub tokens, AWS keys, SSH keys,...