Socket and other researchers have confirmed that the Bitwarden CLI package published to npm — @bitwarden/cli version 2026.4.0 — was compromised in a supply chain attack that abused a GitHub Action in Bitwarden’s CI/CD pipeline. The malicious release injected a file named bw1.js into the package, exposing tokens, cloud credentials, SSH keys and other sensitive artifacts. While Bitwarden’s Chrome extension,
Category: DevOps and Infrastructure
109 Fake GitHub Repositories Used to Deliver SmartLoader and StealC Malware
A large-scale campaign recently uncovered shows how attackers abused the trust developers place in open-source hosting to distribute two dangerous malware families, SmartLoader and StealC. By cloning legitimate projects and burying malicious ZIP archives deep inside repository structures, the threat actor made harmful downloads look like routine releases. For many victims the repository looked authentic at a glance: real source
Comment and Control: How GitHub Comments Became a New Prompt-Injection Threat
A new class of prompt-injection attacks—dubbed “Comment and Control”—turns GitHub pull requests, issues, and comments into attack surfaces that can hijack AI coding agents and siphon secrets directly from CI/CD environments. Unlike classic prompt injection that waits for a user to feed a document to an agent, this pattern is proactive: opening a PR or posting an issue can automatically
Building an AI Coding Tool Stack for Modern Development
The past few years have quietly transformed how software is written. AI-assisted tools are no longer experimental add-ons; they’re becoming integral parts of developer workflows. But picking the right combination of models, integrations, and guardrails is more art than science. This article walks through a pragmatic approach to assembling an AI coding tool stack that improves productivity without sacrificing code
Claude’s New Release — Supercharged Multi‑Agent Code Review for Every PR
Good code review is getting harder as teams ship more code. Claude’s new release brings a deeper, multi-agent review system to Claude Code so every pull request can get a careful read. The goal is simple: surface the bugs and edge cases that quick skims miss, while leaving the final approval to human reviewers. What this release is This new
Introducing the Azure Skills Plugin: Practical Azure Workflows for Coding Agents
The Azure Skills Plugin brings curated Azure expertise and an execution layer together so coding agents can do more than offer generic guidance. Rather than just suggesting commands or linking to documentation, the plugin packages decision logic (skills) and structured tools (MCP servers) so agents can reason about workflows and, when appropriate, run actions against real Azure resources. What the





