Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

2026-04-23

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Bitwarden CLI version 2026.4.0 was compromised in a supply chain attack attributed to the Checkmarx campaign, where malicious code was injected through a compromised GitHub Action.

•The malware executes via a preinstall hook and steals developer secrets including GitHub/npm tokens, SSH keys, .env files, shell history, and cloud credentials.
•Stolen data is encrypted with AES-256-GCM and exfiltrated to audit.checkmarx[.]cx, with GitHub commits as a fallback mechanism.
•The malicious package weaponizes stolen GitHub tokens to inject malicious Actions workflows into repositories and extract CI/CD secrets.
•The threat actor is believed to be TeamPCP and used NPM trusted publishing to compromise the package, marking the first known case of this attack vector.

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cloud CISO Perspectives: How to build an AI-ready security program for the public sector

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks