A malicious version of Bitwarden CLI was distributed via npm, enabling attackers to steal credentials from developers and CI/CD pipelines. The breach highlights growing risks in software supply chains and the need for rapid incident response.
A trusted GitHub automation and a popular open-source password manager together gave TeamPCP’s Shai-Hulud malware campaign its foothold, which it used to steal credentials and poison AI coding tools from inside the developer supply chain.
A dramatic supply chain attack hit Bitwarden CLI’s npm package, using GitHub Actions to inject credential-stealing malware and exfiltrate secrets to Dune-themed public repositories. Here’s how it happened and what it means for open source security.
Attackers exploited Bitwarden’s CI/CD pipeline with a rogue GitHub Action, injecting malware into the @bitwarden/cli npm package. The malware harvests credentials and exfiltrates them through Dune-themed public repositories, highlighting new risks in software supply chains.
Bitwarden’s npm CLI package was briefly hijacked in April 2026, allowing attackers to steal credentials from developers. The incident, linked to the TeamPCP group and the Checkmarx breach, underscores the growing threat of supply chain attacks in the software ecosystem.
Bitwarden’s CLI npm package was briefly hijacked in a supply chain attack, exposing credentials and secrets via a compromised GitHub Actions workflow. Investigators link the incident to the Checkmarx campaign, highlighting new threats to trusted developer tools.
Bitwarden introduces passkey login for Windows 11, allowing users to authenticate without passwords. This move leverages cryptographic credentials for enhanced security and marks a new chapter in passwordless authentication.
Bitwarden’s Cupid Vault lets free users securely share passwords with one trusted partner. Our feature investigates how it works, the technical safeguards, and the risks that come with digital intimacy.