8.5 CRITICAL

Bitwarden CLI backdoored in Checkmarx supply chain attack

📅 23 April 2026 at 16:18 UTC · 📰 Cyber Insider

The Bitwarden CLI has been compromised as part of the ongoing Checkmarx supply chain campaign, with attackers injecting malicious code into an official release through a poisoned CI/CD workflow. According to a brief report from the Socket Research Team, the compromised package is @bitwarden/cli version 2026.4.0, which contains malicious code embedded in the file bw1.js. …

🤖 AI Briefing: Auto-generated threat analysis

🔍 Threat Overview

The Bitwarden CLI was compromised through a poisoned GitHub Actions workflow in the Checkmarx supply chain campaign, allowing attackers to inject malicious code into an official release.

⚙️ Technical Details

💥 Impact Assessment
Severity: critical

🛡️ Recommended Actions
1. Review CI/CD logs for unusual workflow activity or unauthorized changes
2. Rotate all secrets that may have been accessible to the affected pipelines
3. Verify the integrity of downloaded CLI versions and avoid using v2026.4.0

📦 Affected Products
@bitwarden/cli@2026.4.0
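
For the third recommended action, one way to check whether a project pins the affected release is to scan its npm lockfile, covering both the flat (lockfileVersion 2/3) and nested (lockfileVersion 1) layouts. This is an added example, not code from Cyber Insider, Socket or Bitwarden; the function name `findAffected` and both sample lockfiles are constructed, and only the package name and version come from the summary above.

```javascript
// Package name and version as listed under "Affected Products".
const AFFECTED = { name: "@bitwarden/cli", version: "2026.4.0" };

// Returns [{ path, version }] for every install of the affected release
// recorded in a parsed package-lock.json object.
function findAffected(lock, affected = AFFECTED) {
  const hits = [];

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const marker = "node_modules/";
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project ("") or workspace entry
    // Aliased installs carry the real package name in meta.name.
    const name = meta.name || path.slice(idx + marker.length);
    if (name === affected.name && meta.version === affected.version) {
      hits.push({ path, version: meta.version });
    }
  }

  // lockfileVersion 1: nested "dependencies" tree (skipped when the flat
  // map exists, so a v2 lockfile is not counted twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === affected.name && meta.version === affected.version) {
        hits.push({ path: here.join(" > "), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@bitwarden/cli": { version: "2026.4.0" },
    "node_modules/tool/node_modules/@bitwarden/cli": { version: "2026.3.0" },
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    tool: { version: "1.2.0", dependencies: { "@bitwarden/cli": { version: "2026.4.0" } } },
  },
};
```

Pass it the result of `JSON.parse` on a project's `package-lock.json`; a match covers only lockfile-managed installs, so a globally installed CLI needs a separate version check.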


This is a curated summary. The complete article is available at Cyber Insider.
