The Bitwarden security team confirms that a malicious version of the command-line client was briefly distributed.
Between 11:57 PM on April 22nd and 1:30 AM on April 23rd German time , the npm package @bitwarden/cli in version 2026.4.0 was distributed with malware.
This manipulated version stole user credentials. However, Bitwarden emphasizes that end-user data stored in the actual safe was not affected. , the security team identified and contained the manipulated package. Distribution was exclusively via NPM; anyone who did not obtain the package via NPM during the specified period is not affected.
The compromised version has since been marked as deprecated, and the misused access has been revoked. The incident is part of a larger attack on the Checkmarx supply chain. The malware targeted a wide range of sensitive data: GitHub and npm tokens, SSH keys, shell histories, and credentials for AWS, Google Cloud, and Azure.
Furthermore, it exfiltrated GitHub Actions secrets, Git credentials,files, and even configuration files from AI tools like Claude and MCP, sending them to the attackers. . As a fallback, the malware used a sophisticated mechanism: stolen GitHub tokens were validated to create repositories under the victim's account for data exfiltration. Double-Base64-encoded PATs were hidden in commit messages with the marker "LongLiveTheResistanceAgainstMachines".
Crucially, all credentials stored on the compromised system must be rotated: GitHub Personal Access Tokens, npm tokens, AWS Access Keys, Azure and GCP secrets, and SSH keys. GitHub Actions workflows should also be checked for unauthorized executions. The domainCurrently, all repositories are again distributing the regular version 2026.3.0. According to the manufacturer, this and all other versions of the Bitwarden CLI except 2026.4.0 are not affected.
Production systems and vault data were not compromised at any time. Links zu verschenkten Artikeln werden ungültig, wenn diese älter als 7 Tage sind oder zu oft aufgerufen wurden.
Bitwarden Github Google Cloud IT Malware Passwörter SSH Security
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Passwortsafe Bitwarden: Kommandozeilen-Client trojanisiertDas Bitwarden-Security-Team bestätigt, dass kurzzeitig eine bösartige Version des Kommandozeilen-Client ausgeliefert wurde.
Read more »
Turtle Beach MC7: Jetzt bekommt auch die Maus ein Touchscreen-DisplayBrauchen Mäuse ein Touchscreen-Display? Turtle Beach sagt mit der neuen Command Series MC7 „Ja“. Es dient als Anzeige und Tastenfeld.
Read more »
Turtle Beach KB5 & KB7: Im Touchscreen liegt die Tastatur-ZukunftTouchscreen-Displays machen die Command Series KB5 und KB7 besonders. Letztere modularisiert zudem ihren Nummernblock.
Read more »
Turtle Beach: Gaming-Maus mit Touchscreen und WechselakkuIn das 160 Euro teure Gaming-Maus-Experiment Command Series MC7 hat Turtle Beach einen Touchscreen eingebaut. Wer will, kann auch eine passende Tastatur kaufen.
Read more »