Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Bitwarden CLI npm package compromised to steal developer credentials

Summary by BleepingComputer
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
Podcasts & Opinions

14 Articles

BleepingComputerBleepingComputer
Center

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Read Full Article
LinuxiacLinuxiac

Bitwarden Confirms Short-Lived npm Compromise Affecting CLI Package

Bitwarden has confirmed a brief supply-chain compromise of its CLI 2026.4.0 npm package, with no evidence of vault data exposure.

Read Full Article
Génération-NTGénération-NT

Bitwarden Cli Could Be Compromised to Inject a Malware

An updated package on a code repository was enough to turn a trusted tool into a data thief. An attack on the supply chain that hit Bitwarden CLI.

Read Full Article
phoenix.securityphoenix.security

Bitwarden CLI Backdoored: Shai-Hulud Returns Through a 93-Minute npm Window

Between 21:57 and 23:30 UTC on April 22, 2026, a malicious @bitwarden/cli@2026.4.0 was live on npm for 93 minutes — long enough to reach CI/CD pipelines, developer workstations, and cloud automation hosts. The payload steals credentials across GitHub, AWS, GCP, and Azure, propagates as a self-replicating npm worm, injects GitHub Actions workflow stealers, and poisons AI coding assistants by injecting an invisible manifesto into shell configurati…

Read Full Article
KorbenKorben

Bitwarden Cli Compromise - Shai-Hulud Strikes Again

If you installed Bitwarden CLI via npm between 5:57 pm and 7:30 pm PM (New York time) on April 22, you have to clean up on your machine as a matter of urgency!! Indeed, the @bitwarden/cli version 2026.4.0 package was compromised for 93 minutes, and the malware that was there caused damage to the 334 people who downloaded it during this window. But what is this story again? Well, many attackers managed to trap Bitwarden's GitHub Actions pipeline,…

Read Full Article
GIGAZINEGIGAZINE

Password Manager Bitwarden Suffers Supply Chain Attack; Users of the Npm Package Should Check Their Device.

Socket, a company specializing in open-source software security, has announced that its password manager, Bitwarden, was subjected to a supply chain attack.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news on Thursday, April 23, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Supply Chain icon

Supply Chain

Cyberattacks icon

Cyberattacks

Cybersecurity icon

Cybersecurity

Business & Markets icon

Business & Markets

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal