Skip to main content

Tag: bitwarden

3 articles

Person looks concerned while examining a laptop screen with a fake security alert.

Phishers Target LastPass, Bitwarden Users with Fake Security Alerts

Beware of fake security alerts! LastPass and Bitwarden users are being targeted by phishers with convincing emails that mimic real corporate communications, trying to trick you into visiting fraudulent websites.

Analyst 207
A coding workstation with a laptop, development tools, and papers in a clean, neutral-colored room.

Bitwarden CLI npm package targeted in supply chain attack

Bitwarden swiftly contained a brief supply chain attack on its CLI npm package, confirming that a single malicious release was live for under two hours on April 22, 2026, and assuring users that their vault data remained safe. The incident was quickly remediated, with the compromised access revoked and the malicious release deprecated.

Analyst 207
Terminal screen on a laptop in a coding workspace displays code on a blurred background.

Bitwarden CLI Compromised in Checkmarx Supply Chain Attack

A rogue version of the Bitwarden CLI package, identified as @bitwarden/cli@2026.4.0, was compromised in a supply chain attack, stealing sensitive data like GitHub tokens and cloud secrets. The malicious code, hidden in a file called bw1.js, has already been distributed to users, putting their security at risk.

Analyst 207