Dossier
credential-stealing payload
Coverage of credential-stealing payload in the Nexus archive.
- Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was compromised when attackers uploaded a malicious @bitwarden/cli package to npm, containing a credential-stealing payload designed to spread to other projects. The incident highlights vulnerabilities in package registries and the risks of supply chain attacks.