Two Types of npm Supply Chain Attack: What Catches Each
On April 23, 2026, @bitwarden/cli was compromised as part of the ongoing Checkmarx supply chain campaign . Malicious code was injected into version 20…
Testing & QA
⚑ Report a ProblemLatest Testing & QA news from Tech News
All topics
agents
ai
api
architecture
automation
aws
beginners
career
claude
cybersecurity
devchallenge
devops
discuss
frontpage
javascript
llm
machinelearning
mcp
opensource
performance
productivity
programming
python
rust
security
showdev
testing
tutorial
typescript
webdev
Continuous monitoring caught a credential leak in a published MCP package. Six republishes later, it is still there.
Continuous monitoring caught a credential leak in a published MCP package. Six republishes later, it is still there. This is a disclosure writeup. It …
Your dependencies are 48% unmaintained — and SCA tools can't see it
I just presented this at VulnCon 2026 ( slides ). Here's the tool and the data. The blind spot Your vulnerability scanner is excellent at finding CVEs…