Bitwarden CLI suffered a supply chain attack, with a malicious package circulating for about 1.5 hours

By: rootdata|2026/04/24 02:51:51
0
Share
copy

SlowMist CISO 23pds disclosed that the password management tool Bitwarden CLI version 2026.4.0 suffered a Checkmarx supply chain attack between 17:57 and 19:30 Eastern Time. The attacker briefly distributed a malicious package via npm by abusing the GitHub Action in the Bitwarden CI/CD pipeline.

The official confirmation states that Vault data was not leaked, and production systems were not affected; only users who installed this version via npm during that time window were impacted. The official recommendation for affected users is to immediately uninstall 2026.4.0, clean the npm cache, rotate sensitive credentials such as API Tokens and SSH Keys, investigate any abnormal activities on GitHub and CI, and upgrade to the fixed version 2026.4.1.

-- Price

--

You may also like

Trade Spot Market Orders With More Control: WEEX Adds Slippage Tolerance

WEEX Spot now supports Slippage tolerance for market orders, helping users set a maximum acceptable price deviation before placing a market buy or sell order

Morning Report | One week after the full implementation of the EU MiCA, 21 stablecoin issuers and over 270 crypto service providers have obtained regulatory qualifications; Microsoft lays off 4,800 employees, with Xbox accounting for about 3,200 of the...

July 7 Market Important Events Overview

Morning News | SK Hynix officially launches the marketing promotion process for its U.S. stock listing; the Central Cyberspace Administration announces the results of the first phase of rectifying AI application chaos, with over 14,000 non-compliant pr...

July 6 Market Important Events Overview

How has Binance's stock business performed in the 30 days since its launch?

Emerging market buying supported the first wave of demand.

Blockchain Capital Partner: AI is rewriting the fundamental unit of labor

The rise of AI is rewriting the basic unit of labor from "positions" and "companies" to "tasks." When programmable labor meets programmable currency, a production line without companies, salary systems, or HR becomes possible for the first time.

Can Open USD support Stripe's ambitions?

Stripe collaborates with multiple parties to launch OUSD, not only challenging the dominance of USDC but also exposing its trillion-dollar ambition to transition from a "payment interface" to a "next-generation funds settlement network."

Contents

Popular coins

Latest Crypto News

Read more
iconiconiconiconiconiconicon
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com