X @BSCN

BITWARDEN CLI COMPROMISED IN SUPPLY CHAIN ATTACK, DEVELOPERS URGED TO ROTATE SECRETS IMMEDIATELYThe @Bitwarden CLI npm package version 2026.4.0 was compromised between 5:57 PM and 7:30 PM ET on April 22, after attackers breached a GitHub Action in Bitwarden's CI/CD pipeline and pushed a malicious build. This affects developers who use bitwarden/cli in CI/CD pipelines or dev machines, not regular Bitwarden password manager users. The core vault and end-user data were not touched.The payload is the self-propa ...