Socket and other researchers have confirmed that the Bitwarden CLI package published to npm — @bitwarden/cli version 2026.4.0 — was compromised in a supply chain attack that abused a GitHub Action in Bitwarden’s CI/CD pipeline. The malicious release injected a file named bw1.js into the package, exposing tokens, cloud credentials, SSH keys and other sensitive artifacts. While Bitwarden’s Chrome extension,
Latest Articles
Cloudflare
Agents, Stripe Projects, and zero-friction Cloudflare provisioning
Agents can now take a project from idea to live production on Cloudflare without a human manually opening a dashboard, entering card details, or copying API keys. In partnership with Stripe’s new Projects flow, Cloudflare built a protocol that lets an orchestrator platform (like Stripe Projects) attest to a signed‑in user’s identity, provide a payment token, and expose a catalog of available services. An agent using that catalog can provision a Cloudflare account, start paid subscriptions, register domains, and receive…
Continue readingOpenAI Debuts Shared Workspace Agents to Automate Team Handoffs
OpenAI has introduced a new class of ChatGPT tools called shared workspace agents — always-on assistants designed to carry work across systems and through multi-step processes without constant human prompting. Built on Codex, these agents aim to reduce the friction of manual handoffs inside teams by gathering information from connected systems, executing defined steps, and returning results in a way
Microsoft’s First Voluntary Retirement Offer: What Employees and the Industry Need to Know
Microsoft has quietly opened a new chapter in its approach to workforce management: for the first time in the company’s 51-year history, it is offering a one-time voluntary retirement program to thousands of long-serving U.S. employees. Announced in an internal memo from Chief People Officer Amy Coleman, the move gives eligible employees the option to leave with a financial payout
109 Fake GitHub Repositories Used to Deliver SmartLoader and StealC Malware
A large-scale campaign recently uncovered shows how attackers abused the trust developers place in open-source hosting to distribute two dangerous malware families, SmartLoader and StealC. By cloning legitimate projects and burying malicious ZIP archives deep inside repository structures, the threat actor made harmful downloads look like routine releases. For many victims the repository looked authentic at a glance: real source
Google Makes AI Your New Office Intern with Workspace Intelligence and Gemini
At its Cloud Next event, Google unveiled a suite of AI upgrades to Workspace designed to turn routine office tasks into something closer to automated muscle memory. Rather than a single flashy feature, the update stitches together a set of capabilities — Workspace Intelligence plus deeper Gemini integrations across Docs, Sheets, and other apps — that aim to reduce busywork
Accenture and WaveMaker’s bet on mid-market AI modernization
Accenture and WaveMaker have forged a strategic collaboration aimed at helping mid-market organizations modernize their applications using WaveMaker’s agentic AI platform. Rather than positioning this as a large enterprise play, the partnership focuses on companies with revenues up to about $3 billion that often lack the budgets or in-house engineering scale for full-scale digital transformation. The goal is practical: accelerate