Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...
Hosted on MSN

Bitwarden CLI npm package breached in supply chain attack

A malicious version of Bitwarden's CLI password manager was briefly distributed via npm after attackers exploited a compromised GitHub Action, in a campaign linked to the Checkmarx supply chain attack ...
Hosted on MSN

Bitwarden CLI npm package hijacked in 93-minute supply chain breach

Bitwarden confirmed its CLI npm package was compromised for 93 minutes on April 22, 2026, in a sophisticated supply chain attack linked to the recent Checkmarx breach. Attackers published a malicious ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.