Socket researchers discovered that Bitwarden CLI version 2026.4.0 (the @bitwarden/cli npm package) was compromised as part of the ongoing Checkmarx supply chain campaign. The attackers abused a GitHub Action in Bitwarden's CI/CD pipeline to inject malicious code, shipped as a file named bw1.js, into the published npm package. The investigation is ongoing; anyone who installed that release should review the logs of any CI pipelines that ran it and rotate any secrets the CLI may have exposed.
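The two indicators the summary gives, the release number 2026.4.0 and the injected file name bw1.js, are enough for a quick local check. The script below is an added example, not code from Socket or Bitwarden: it inspects an installed @bitwarden/cli package directory for either indicator. The package name and the npm layout (global root from `npm root -g`, or a project's node_modules) are assumptions about a normal install; the function and variable names are mine.

```shell
#!/bin/sh
# Added example: check an installed @bitwarden/cli package for the indicators
# named in the report (version 2026.4.0, a file called bw1.js). Not Bitwarden's
# or Socket's code; the npm layout and the @bitwarden/cli package name are
# assumptions about a standard npm install.

# Usage: check_bw_install <package dir>
# Returns 0 when neither indicator matches, 1 when one does, and 2 when the
# directory holds no package.json (not an npm package at all).
check_bw_install() {
  dir="$1"
  if [ ! -f "$dir/package.json" ]; then
    echo "SKIP: $dir has no package.json"
    return 2
  fi

  # Pull the top-level "version" out of package.json without needing jq or node;
  # the first match wins, which is the package's own version in a normal manifest.
  version=$(sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$dir/package.json" | head -n 1)
  hit=0

  if [ "$version" = "2026.4.0" ]; then
    echo "SUSPECT: $dir is @bitwarden/cli $version, the release reported as compromised"
    hit=1
  fi

  # bw1.js is the file the report names as the injected code; a clean install
  # (assumption: standard npm layout) ships no file by that name anywhere.
  found=$(find "$dir" -type f -name 'bw1.js' 2>/dev/null | head -n 1)
  if [ -n "$found" ]; then
    echo "SUSPECT: injected file present: $found"
    hit=1
  fi

  if [ "$hit" -eq 0 ]; then
    echo "OK: $dir is version ${version:-unknown}, no bw1.js"
  fi
  return "$hit"
}

# Scan the usual locations: the global npm root and the current project's
# node_modules (assumption: npm is on PATH; adjust paths for yarn/pnpm layouts).
# Returns 1 if any scanned install matched an indicator, 0 otherwise.
scan_common_locations() {
  worst=0
  for root in "$(npm root -g 2>/dev/null)" "./node_modules"; do
    if [ -n "$root" ] && [ -d "$root/@bitwarden/cli" ]; then
      if ! check_bw_install "$root/@bitwarden/cli"; then
        worst=1
      fi
    fi
  done
  return "$worst"
}

# Entry point when run directly: exit non-zero if anything looked suspect.
scan_common_locations
```

Run it on any machine or CI runner that may have installed the CLI; a non-zero exit means the install matched one of the reported indicators and the host's secrets should be treated as exposed. A clean result only rules out these two indicators, not a modified package with a different file name, so it complements rather than replaces rotating secrets and reviewing CI logs.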