Bitwarden CLI suffered a supply chain attack, with a malicious package circulating for about 1.5 hours

By: rootdata|2026/04/24 02:51:51
0
Share
copy

SlowMist CISO 23pds disclosed that the password management tool Bitwarden CLI version 2026.4.0 suffered a Checkmarx supply chain attack between 17:57 and 19:30 Eastern Time. The attacker briefly distributed a malicious package via npm by abusing the GitHub Action in the Bitwarden CI/CD pipeline.

The official confirmation states that Vault data was not leaked, and production systems were not affected; only users who installed this version via npm during that time window were impacted. The official recommendation for affected users is to immediately uninstall 2026.4.0, clean the npm cache, rotate sensitive credentials such as API Tokens and SSH Keys, investigate any abnormal activities on GitHub and CI, and upgrade to the fixed version 2026.4.1.

-- Price

--

You may also like

Strategy Founder: The Next 10 Years of Bitcoin

In the next decade, the biggest evolution of Bitcoin is precisely "responding to change with invariance." The four-year cycle is giving way to capital flows such as ETFs, corporate and sovereign reserves, and bank credit, while digital credit and digital currency will grow layer upon layer on top of...

Forbes Special Report: Stablecoin cross-border payments are faster now, but not cheaper yet

Cross-border payments using stablecoins are rapidly expanding, bringing speed and accessibility, but due to insufficient institutional liquidity, they have not yet delivered on their promised cost savings. The technology has been validated, and regulations are improving, but the industry has not yet...

Li Feifei's latest long article: When video generation, robots, and NVIDIA all claim to be world models, we need a taxonomy

Language gives machines a way to talk about the world. The world model is the means by which machines ultimately understand, imagine, reason, and interact with it.

Blaming the desolation of the cryptocurrency world on the rise of AI is a form of intellectual laziness

The emergence of giants signifies a mature business model. Although it will reduce speculative space, there is also enough room for error, allowing for the continuous emergence of new forces.

The impact of OUSD on Circle, Tether, and Paxos: not a single negative factor, but a more complex reshaping of competition

OUSD will not be the last new competitor; Circle needs to respond more actively in terms of products, distribution, and ecosystem collaboration.

A valuation of 8 billion dollars, doubling in 8 months! What makes the crypto-friendly bank Erebor Bank stand out?

Erebor is a high-profile experiment taking place at the intersection of banking, cryptocurrency, and industrial policy.

Contents

Popular coins

Latest Crypto News

Read more
iconiconiconiconiconiconicon
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com