Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Published: 1 day ago (April 23, 2026 at 09:42 AM EDT)

1 min read

Source: The Hacker News

Overview

Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from JFrog and Socket.

Details

The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in bw1.js, a file included in the package contents. The attack appears to have leveraged…

Back to Blog

Bitwarden CLI npm package compromised to steal developer credentials

markdown !Bitwarden logohttps://www.bleepstatic.com/content/hl-images/2023/03/08/Bitwarden_headpic.jpg Updated with further information from Bitwarden. What hap...

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Overview Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self‑propagating worm that spread...

New npm supply-chain attack self-spreads to steal auth tokens

!https://www.bleepstatic.com/content/hl-images/2022/07/05/NPM_logo_headpic.jpg A new supply‑chain attack targeting the Node Package Manager npm ecosystem is ste...

The Human Hack: Why Social Engineering is the Path of Least Resistance

In the world of cybersecurity, we often focus on the “machine vs. machine” battle—brute‑force attacks, reverse engineering, and the looming threat of quantum co...