Socket and other researchers have confirmed that the Bitwarden CLI package published to npm — @bitwarden/cli version 2026.4.0 — was compromised in a supply chain attack that abused a GitHub Action in Bitwarden’s CI/CD pipeline. The malicious release injected a file named bw1.js into the package, exposing tokens, cloud credentials, SSH keys and other sensitive artifacts. While Bitwarden’s Chrome extension,
Latest Articles
Compliance and Privacy
Ditching PsExec - Running Interactive SYSTEM Shells Natively in PowerShell
If you’ve spent any time in Windows System Administration over the last decade, I can almost guarantee you’ve reached for PsExec at least once. Originally from Sysinternals and now officially part of Microsoft, PsExec is one of those deceptively simple tools that has quietly saved thousands of IT professionals from hours of sheer agony. A single executable, zero installation, no messy dependencies. You drop it on a machine, and it just works. If you have never had the pleasure, here…
Continue readingOpenAI Debuts Shared Workspace Agents to Automate Team Handoffs
OpenAI has introduced a new class of ChatGPT tools called shared workspace agents — always-on assistants designed to carry work across systems and through multi-step processes without constant human prompting. Built on Codex, these agents aim to reduce the friction of manual handoffs inside teams by gathering information from connected systems, executing defined steps, and returning results in a way
Microsoft’s First Voluntary Retirement Offer: What Employees and the Industry Need to Know
Microsoft has quietly opened a new chapter in its approach to workforce management: for the first time in the company’s 51-year history, it is offering a one-time voluntary retirement program to thousands of long-serving U.S. employees. Announced in an internal memo from Chief People Officer Amy Coleman, the move gives eligible employees the option to leave with a financial payout
109 Fake GitHub Repositories Used to Deliver SmartLoader and StealC Malware
A large-scale campaign recently uncovered shows how attackers abused the trust developers place in open-source hosting to distribute two dangerous malware families, SmartLoader and StealC. By cloning legitimate projects and burying malicious ZIP archives deep inside repository structures, the threat actor made harmful downloads look like routine releases. For many victims the repository looked authentic at a glance: real source
Google Makes AI Your New Office Intern with Workspace Intelligence and Gemini
At its Cloud Next event, Google unveiled a suite of AI upgrades to Workspace designed to turn routine office tasks into something closer to automated muscle memory. Rather than a single flashy feature, the update stitches together a set of capabilities — Workspace Intelligence plus deeper Gemini integrations across Docs, Sheets, and other apps — that aim to reduce busywork
Accenture and WaveMaker’s bet on mid-market AI modernization
Accenture and WaveMaker have forged a strategic collaboration aimed at helping mid-market organizations modernize their applications using WaveMaker’s agentic AI platform. Rather than positioning this as a large enterprise play, the partnership focuses on companies with revenues up to about $3 billion that often lack the budgets or in-house engineering scale for full-scale digital transformation. The goal is practical: accelerate