Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Bleeping Computer

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. Bitwarden ...
Hosted on MSN

Minecraft Java edition code no longer obfuscated

Minecraft, created by Markus "Notch" Persson long before it became the most successful game of all time and a $2bn payday to Microsoft, was written in Java. Notch obfuscated the code to prevent others ...
heise online

Password safe Bitwarden: Command-line client trojanized

Between 11:57 PM on April 22nd and 1:30 AM on April 23rd German time (5:57 PM to 7:30 PM ET), the npm package @bitwarden/cli in version 2026.4.0 was distributed with malware. This manipulated version ...