Bitwarden CLI compromised in Checkmarx-related supply-chain attack

Colleagues, a security alert: the Bitwarden CLI was compromised as part of a new campaign linked to Checkmarx.
Socket reported that the package @bitwarden/cli@2026.4.0 shipped with a malicious file (bw1.js); the attack went through a compromised GitHub Action in the CI/CD pipeline. JFrog observed the attackers exfiltrating GitHub and npm tokens, .ssh keys, .env files, shell history and cloud secrets.
The malicious release has been removed from npm, but attackers used stolen tokens to publish infected packages and inject workflows.
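A quick way to check a Node project for the two indicators named above, the affected package version and the bw1.js file, as an added example that is not code from the original post or from Socket, JFrog or Bitwarden. The sample project and lockfile it builds are constructed for the demo, and the nested-dependency walk for lockfileVersion 1 goes beyond what the post describes:

```python
"""Check a Node project for the indicators named in the alert above.

Added example, not from the original post or from Socket/JFrog/Bitwarden.
Indicators taken from the post: package @bitwarden/cli at version 2026.4.0
and a file named bw1.js inside that package. The demo project layout and the
lockfile contents are constructed here and are not captured from the incident.
"""
import json
import os
import tempfile

AFFECTED_PACKAGE = "@bitwarden/cli"   # from the post
AFFECTED_VERSION = "2026.4.0"         # from the post
MALICIOUS_FILE = "bw1.js"             # from the post


def _walk_v1(deps, prefix, hits):
    """Recurse through a lockfileVersion 1 'dependencies' tree (nested deps included)."""
    for name, entry in deps.items():
        path = prefix + "/" + name
        if name == AFFECTED_PACKAGE and entry.get("version") == AFFECTED_VERSION:
            hits.append(path)
        _walk_v1(entry.get("dependencies", {}), path, hits)


def lockfile_hits(lock_path):
    """Return lockfile entries that pin the affected package at the affected version.

    Handles lockfileVersion 2/3 ("packages", keyed by node_modules path)
    and lockfileVersion 1 ("dependencies", keyed by package name).
    """
    with open(lock_path, encoding="utf-8") as fh:
        lock = json.load(fh)
    hits = []
    for key, entry in lock.get("packages", {}).items():
        if key.endswith("node_modules/" + AFFECTED_PACKAGE) and entry.get("version") == AFFECTED_VERSION:
            hits.append(key)
    _walk_v1(lock.get("dependencies", {}), "dependencies", hits)
    return hits


def installed_file_hits(node_modules_dir):
    """Return paths of MALICIOUS_FILE found anywhere inside installed copies of the package."""
    hits = []
    for root, _dirs, files in os.walk(node_modules_dir):
        # normalise separators so the check also works on Windows
        if "node_modules/" + AFFECTED_PACKAGE in root.replace(os.sep, "/") and MALICIOUS_FILE in files:
            hits.append(os.path.join(root, MALICIOUS_FILE))
    return hits


def scan_project(project_dir):
    """Combine the lockfile and node_modules checks for one project directory."""
    findings = {"lockfile": [], "files": []}
    lock_path = os.path.join(project_dir, "package-lock.json")
    if os.path.exists(lock_path):
        findings["lockfile"] = lockfile_hits(lock_path)
    node_modules = os.path.join(project_dir, "node_modules")
    if os.path.isdir(node_modules):
        findings["files"] = installed_file_hits(node_modules)
    return findings


def build_demo_project(lockfile_version=3):
    """Create a throwaway project that mimics an install of the affected release.

    Constructed sample data for the demo. The bw1.js written here is an empty
    placeholder; the real file's contents are not reproduced.
    """
    root = tempfile.mkdtemp(prefix="bw-demo-")
    if lockfile_version == 1:
        lock = {"name": "demo-app", "lockfileVersion": 1, "dependencies": {
            AFFECTED_PACKAGE: {"version": AFFECTED_VERSION},
            "left-pad": {"version": "1.3.0"},   # unrelated package, must not be flagged
        }}
    else:
        lock = {"name": "demo-app", "lockfileVersion": 3, "packages": {
            "": {"name": "demo-app", "dependencies": {AFFECTED_PACKAGE: AFFECTED_VERSION}},
            "node_modules/" + AFFECTED_PACKAGE: {"version": AFFECTED_VERSION},
            "node_modules/left-pad": {"version": "1.3.0"},
        }}
    with open(os.path.join(root, "package-lock.json"), "w", encoding="utf-8") as fh:
        json.dump(lock, fh)
    pkg_dir = os.path.join(root, "node_modules", *AFFECTED_PACKAGE.split("/"))
    os.makedirs(pkg_dir)
    with open(os.path.join(pkg_dir, MALICIOUS_FILE), "w", encoding="utf-8") as fh:
        fh.write("// placeholder standing in for the reported file\n")
    os.makedirs(os.path.join(root, "node_modules", "left-pad"))
    return root


if __name__ == "__main__":
    for kind, items in scan_project(build_demo_project()).items():
        for item in items:
            print(f"[{kind}] {item}")
```

Run it as-is to see the two findings on the demo project, or call scan_project() on a real checkout; the lockfile check is the one worth running in CI, because it flags the version before anything is installed.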
Why this matters: supply-chain attacks enable compromise of customers and infrastructure through trusted packages.
What measures are you taking to protect CI/CD and secret management?
#cybersecurity #supplychain #CI/CD #opensource

