On April 22, 2026, a malicious version of @bitwarden/cli was live on npm for 93 minutes before it was pulled. It was part of a supply chain campaign that has been quietly escalating since 2025 — and this time, it targeted the tool built specifically to protect your credentials.
On February 6, 2026, Salesforce moved Heroku into “sustaining engineering mode” — no new features, no new enterprise contracts, engineering focused on keeping the lights on. Here’s what that designation actually means, the trigger events to watch for, and how to think about your migration timeline.
A Roblox cheat download at a third-party AI company triggered a $2M ransom demand against Vercel. Here’s the full attack chain and what it teaches us about how fast we’re granting access to AI tools. Updated April 26, 2026 with new investigation findings.
Firefox 150 shipped 271 fixes from Mythos. An unauthorized group accessed the model through a contractor. Here’s what Project Glasswing actually means for infrastructure operators — and what the coverage gets wrong. Updated April 22, 2026.
Between March 19 and 23, 2026, a threat actor known as TeamPCP compromised Aqua Security’s CI/CD pipeline. For four days, anyone who pulled a Trivy container image received malware. Here’s what happened — and what it teaches us about how we reference dependencies.