🔓 Data Breaches

[2026] Bitwarden CLI npm Compromised in Supply Chain Attack

Two hours. That's all it took for attackers to slip malicious code into Bitwarden's CLI npm package, turning a trusted password tool against developers. Credentials flew out—npm tokens, SSH keys, cloud secrets—and the malware used the stolen npm tokens to self-propagate to other projects.


⚡ Key Takeaways

  • Malicious @bitwarden/cli v2026.4.0 stole creds, self-propagated via npm tokens in 1.5-hour window.
  • Linked to Checkmarx breach by TeamPCP; same malware patterns, exfil methods.
  • No vault data hit, but devs must rotate all secrets immediately—CI/CD most at risk.
  • npm's trust model failing; expect push for signed artifacts and secure tiers.
Published by CVE Watch

Originally reported by Bleeping Computer