A malicious package for Bitwarden CLI version 2026.4.0 was distributed via npm on April 23, 2026, between 5:57 AM and 7:30 AM (UTC+8). The Bitwarden security team identified the issue as part of a Checkmarx supply chain attack. Users who installed the affected version during this time are advised to uninstall it, clear their npm cache, rotate API tokens and SSH keys, and check for unusual activity on GitHub and CI systems. The team confirmed that vault data remains secure and production systems were not breached. Users should upgrade to version 2026.4.1 immediately.
Malicious Bitwarden CLI Package Detected on npm
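To check whether a project pinned the affected release, the lockfile can be scanned for version 2026.4.0 and install timestamps compared against the distribution window converted from UTC+8. The following is an added example, not code from Bitwarden or from this article; the npm package name `@bitwarden/cli` is not stated above and is an assumption, and the function names and sample lockfiles are constructed for illustration.

```javascript
// Added example: names below are illustrative, not Bitwarden tooling.
const PKG = '@bitwarden/cli';    // assumption: npm name of the Bitwarden CLI
const BAD_VERSION = '2026.4.0';  // affected version, from the advisory
// Distribution window from the advisory, which states it in UTC+8.
const WINDOW_START = new Date('2026-04-23T05:57:00+08:00');
const WINDOW_END = new Date('2026-04-23T07:30:00+08:00');

// Return the lockfile locations that pin the affected version.
// Handles lockfileVersion 2/3 ("packages" map) and 1 (nested "dependencies").
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isPkg = path === `node_modules/${PKG}` ||
                  path.endsWith(`/node_modules/${PKG}`);
    if (isPkg && meta.version === BAD_VERSION) hits.push(path);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}${name}`;
      if (name === PKG && meta.version === BAD_VERSION) hits.push(here);
      walk(meta.dependencies, `${here} > `); // transitive copies
    }
  };
  // v2 lockfiles carry both sections; walk the v1 tree only when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// True when a timestamp (e.g. an install log entry) falls inside the window.
function installedInWindow(when) {
  const t = new Date(when).getTime();
  return t >= WINDOW_START.getTime() && t <= WINDOW_END.getTime();
}

// Constructed sample lockfiles (not real project data).
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'ci-tools' },
  'node_modules/@bitwarden/cli': { version: '2026.4.0' },
  'node_modules/deploy-helper/node_modules/@bitwarden/cli': { version: '2026.4.1' },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'deploy-helper': { version: '1.0.0', dependencies: {
    '@bitwarden/cli': { version: '2026.4.0' } } },
} };

console.log(findAffected(sampleV3), findAffected(sampleV1));
console.log(installedInWindow('2026-04-22T22:10:00Z')); // 06:10 in UTC+8
```

A hit in the lockfile combined with an install timestamp inside the window marks a machine or CI runner where the uninstall, cache clearing and credential rotation described above apply.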
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct your own research and consult with a qualified financial advisor before making any investment decisions.
