Bitwarden CLI, a password manager used by 10M+ users and 50K+ businesses, was compromised as part of the ongoing Checkmarx supply chain campaign. The attack exploited a compromised GitHub Action in Bitwarden's CI/CD pipeline to inject malicious code into the @bitwarden/cli 2026.4.0 npm package. The malicious payload shares infrastructure with other Checkmarx campaign tools, using identical C2 endpoints for exfiltration.
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI's npm package was poisoned through a compromised GitHub Action in a supply chain attack affecting 10M+ users, with the malicious code sharing infrastructure with other Checkmarx campaign tools.
Thursday, April 23, 2026 12:00 PM UTC | 2 min read | Source: Hacker News | By sys://pipeline