As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

Hackers injected credential-stealing malware into the Bitwarden CLI tool via a supply chain attack on the NPM package, ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

pnpm（高效且节省磁盘空间的 JavaScript 包管理器）发布了 pnpm 11 RC 版本。这次更新带来了多项重大改进，涵盖了性能、供应链安全以及更小、更严格的配置系统等。 pnpm 11 RC 版本的新特性包括：新增一个基于 SQLite ...

IT之家 4 月 24 日消息，科技媒体 bleepingcomputer 昨日（4 月 23 日）发布博文，报道称 Bitwarden CLI 的 npm 包遭供应链攻击，恶意版本 2026.4.0 被用于窃取开发者 npm 令牌、SSH ...

The compromise of a version of Bitwarden's CLI is connected to the ongoing Checkmarx supply chain campaign, but differences in the operational methods of both incidents are making it difficult to ...

IT之家 4 月 24 日消息，科技媒体 bleepingcomputer 昨日（4 月 23 日）发布博文， 报道称 Bitwarden CLI 的 npm 包遭供应链攻击，恶意版本 2026.4.0 被用于窃取开发者 npm 令牌、SSH 密钥及云凭证等。

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

Bitwarden CLI 2026.4.0 was compromised in a supply chain attack that targets crypto wallet keys, SSH keys, and CI/CD secrets.