https://rhisac.org/threat-intelligence/bitwarden-cli-compromised-in-broader-checkmarx-supply-chain-campaign/
RH-ISAC | Bitwarden CLI Compromised in Broader Checkmarx Supply Chain Campaign - RH-ISAC
Apr 27, 2026 - Security researchers from Socket have discovered that version 2026.4.0 of Bitwarden CLI has been compromised through a poisoned GitHub Actions workflow. This
bitwarden cli compromisedsupply chainrhisac
https://we-fix-pc.com/2026/04/23/bitwarden-cli-npm-package-compromised-to-steal-developer-credentials/
Bitwarden CLI npm package compromised to steal developer credentials - We Fix PC
Apr 23, 2026 - Updated with further information from Bitwarden. The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm...
npm package