Cybernews

Bitwarden CLI compromised in supply chain attack: hundreds of developers have installed malware

Hackers injected credential-stealing malware into the Bitwarden CLI tool via a supply chain attack on the NPM package, ...
The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

Bitwarden Confirms Compromise—Here Are The Facts

Bitwarden has confirmed a serious security incident in which a compromised product was made public. Here's why most users ...
BeInCrypto

Bitwarden CLI Supply Chain Attack Puts Crypto Wallet Keys at Risk

Bitwarden CLI 2026.4.0 was compromised in a supply chain attack that targets crypto wallet keys, SSH keys, and CI/CD secrets.
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
CSO Online

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...