Bitwarden CLI suffered a supply chain attack, with a malicious package circulating for about 1.5 hours
SlowMist CISO 23pds disclosed that the password management tool Bitwarden CLI version 2026.4.0 suffered a Checkmarx supply chain attack between 17:57 and 19:30 Eastern Time. The attacker briefly distributed a malicious package via npm by abusing the GitHub Action in the Bitwarden CI/CD pipeline.
According to the official confirmation, Vault data was not leaked and production systems were not affected; only users who installed this version via npm during that time window were impacted. The official recommendation for affected users is to immediately uninstall 2026.4.0, clear the npm cache, rotate sensitive credentials such as API tokens and SSH keys, investigate any abnormal activity on GitHub and in CI, and upgrade to the fixed version 2026.4.1.
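To scope exposure before following the remediation steps above, the added example below (not from Bitwarden or the original report) checks the text of an npm lockfile for any entry that pins the CLI at the affected version 2026.4.0, covering both the flat `packages` map and the older nested `dependencies` tree. The package name `@bitwarden/cli` is an assumption not stated on the page, and the sample lockfiles are constructed.

```javascript
// Added example. PKG is an assumption (the page does not name the npm package).
const PKG = "@bitwarden/cli";
const BAD_VERSION = "2026.4.0"; // affected version named in the article

// Returns [{ path, version }] for every lockfile entry pinning PKG at BAD_VERSION.
function findAffected(lockText, pkg = PKG, bad = BAD_VERSION) {
  const lock = JSON.parse(lockText);
  const hits = [];

  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isPkg =
      path === `node_modules/${pkg}` || path.endsWith(`/node_modules/${pkg}`);
    if (isPkg && meta.version === bad) hits.push({ path, version: meta.version });
  }

  // lockfileVersion 1 (and the v2 compatibility section): nested "dependencies".
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      const seen = hits.some((h) => h.path === path);
      if (name === pkg && meta.version === bad && !seen) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`); // transitive copies nest under the parent
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not real project data).
const SAMPLE_V3 = JSON.stringify({
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@bitwarden/cli": { version: "2026.4.1" }, // fixed version
    "node_modules/ci-tool/node_modules/@bitwarden/cli": { version: "2026.4.0" },
  },
});
const SAMPLE_V1 = JSON.stringify({
  name: "legacy-app", lockfileVersion: 1,
  dependencies: { "@bitwarden/cli": { version: "2026.4.0" } },
});

for (const [label, text] of [["v3", SAMPLE_V3], ["v1", SAMPLE_V1]]) {
  console.log(label, findAffected(text));
}
```

A hit only shows that the project resolved 2026.4.0; whether the install fell inside the reported time window still has to be checked against install or CI logs.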


