TechFlow reports that on April 24, SlowMist CISO 23pds (@im23pds) disclosed a Checkmarx supply chain attack against Bitwarden CLI version 2026.4.0. The incident occurred between 5:57 PM and 7:30 PM EDT on April 22, during which attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline to briefly distribute a malicious package via npm. The official statement confirmed that Vault data was not compromised and production systems remained unaffected; only users who installed this version via npm within that time window were impacted. Affected users are advised to immediately uninstall version 2026.4.0, clear their npm cache, rotate sensitive credentials—including API tokens and SSH keys—investigate anomalous activity in GitHub and CI environments, and upgrade to the patched version 2026.4.1.
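To find projects that pin the affected release before uninstalling and upgrading, the check below walks a parsed `package-lock.json` in both the flat `packages` layout and the older nested `dependencies` layout. It is an added example, not code from Bitwarden, SlowMist or TechFlow; the npm package name `@bitwarden/cli` is not stated in the report and is assumed here, and the sample lockfiles (including the `ci-tools` and `demo-app` names) are constructed.

```javascript
// Added example: flag lockfile entries that pin the affected Bitwarden CLI release.
const PKG = "@bitwarden/cli"; // assumption: npm package name, not given in the report
const AFFECTED = "2026.4.0";  // affected version, from the report
const PATCHED = "2026.4.1";   // patched version, from the report

// Returns [{ path, version }] for every entry of PKG in a parsed package-lock.json.
function findBitwardenCli(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}node_modules/${name}`;
      if (name === PKG) hits.push({ path: here, version: meta.version });
      walk(meta.dependencies, `${here}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Summarises whether any entry pins the affected version.
function assess(lock) {
  const hits = findBitwardenCli(lock);
  const affected = hits.filter((h) => h.version === AFFECTED);
  return { hits, affected, needsRemediation: affected.length > 0, upgradeTo: PATCHED };
}

// Constructed sample lockfiles (not real project data).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@bitwarden/cli": { version: "2026.4.0" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "ci-tools": { version: "1.0.0", dependencies: { "@bitwarden/cli": { version: "2026.4.0" } } },
  },
};

console.log(JSON.stringify(assess(sampleV3), null, 2));
```

A version match alone does not establish exposure, since the report limits impact to npm installs made within the stated time window. Global installs are not recorded in a project lockfile and need a separate check, for example `npm ls -g @bitwarden/cli`.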




