Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket.”The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in ‘bw1.js,’ a file included in the package contents,” the application security company said.”The attack appears to have leveraged a
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html
