Reddit
Bitwarden CLI Compromised in Checkmarx Supply Chain Attack — npm Worm Steals SSH Keys and AI Tool Credentials
Version 2026.4.0 of @bitwarden/cli (78K weekly downloads) was compromised on April 22 for ~93 minutes via an infected CI/CD pipeline (publish-ci.yml). The malware steals SSH keys, cloud secrets, and AI coding tool credentials, then self-propagates by injecting malicious GitHub Actions workflows into victims' own repositories. Attribution links to the broader Checkmarx compromise campaign that previously hit Docker Hub and VS Code extensions.
Source
↳ Follow the thread