PANews
PANews|4月 24, 2026 01:41
[Bitwarden CLI Version 2026.4.0 Released Malicious Package via npm, Affected Users Advised to Upgrade Immediately] According to a reminder forwarded by SlowMist Chief Information Security Officer 23pds from the Bitwarden security team, the 2026.4.0 version of Bitwarden CLI was affected by a Checkmarx supply chain attack and had a malicious package released via npm on April 22 from 5:57 PM to 7:30 PM Eastern Time. Only users who installed via npm during this time window are affected. The official team has confirmed that Vault data was not leaked, and production systems were not compromised. Affected users are advised to immediately uninstall version 2026.4.0, clear the npm cache, rotate sensitive credentials such as API Tokens and SSH Keys, check for abnormal activity on GitHub and CI, and upgrade to version 2026.4.1.
+6
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads