Data Breaches
[2026] Bitwarden CLI npm Compromised in Supply Chain Attack
Two hours. That's all it took for attackers to slip malicious code into Bitwarden's CLI npm package, turning a trusted password tool against developers. Credentials flew out—npm tokens, SSH keys, cloud secrets—and self-propagated to other projects.