Bitwarden CLI
Coverage of Bitwarden CLI in the Nexus archive.
- Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was compromised when attackers uploaded a malicious @bitwarden/cli package to npm, containing a credential-stealing payload designed to spread to other projects. The incident highlights vulnerabilities in package registries and the risks of supply chain attacks.
- Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI was compromised in an ongoing supply chain campaign attributed to Checkmarx. The incident highlights vulnerabilities in software distribution channels, with the compromised CLI tool potentially exposing users to malicious activity.
- Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI version 2026.4.0 was compromised in the Checkmarx supply chain campaign, with malicious code found in 'bw1.js'. Socket identified the attack, which leveraged a supply chain vulnerability.