A malicious package briefly published on npm compromised the distribution of Bitwarden's CLI and put at risk sensitive credentials from developers and CI/CD systems. Technical sources that investigated the incident identified the affected version as 2026.4.0, which was available for a short interval on 22 April 2026; Bitwarden confirmed that the problem was limited to its npm channel and to those who downloaded that specific package, and said there is no evidence of access to user vault data or production systems, according to its official public statement.
The forensic analysis shows a supply-chain attack pattern: the attackers appear to have manipulated the CI/CD process (possibly through a compromised GitHub Action) to inject a loader into the package's pre-install scripts. That loader downloads a runtime (Bun), runs an obfuscated file and deploys an infostealer that collects npm and GitHub tokens, SSH keys and cloud credentials, encrypts the results with AES-256-GCM and exfiltrates the data by creating public repositories under the victims' accounts; in several cases those repositories contain the string "Shai-Hulud: The Third Coming", linked to previous campaigns, as documented by community analysis, independent response teams and technical research vendors.

Beyond extraction, the malware incorporates propagation mechanisms: it can use the stolen tokens to identify packages the victim is able to publish and modify those projects to insert additional malicious code, turning an initial compromise into a self-replicating threat within the package ecosystem. The profile of the campaign and certain technical overlaps point to an actor linked to previous incidents against development packages and tools, which underlines that developers are today a strategic target for actors seeking to pivot towards more valuable infrastructure.
If you downloaded the affected version, assume that the environment's secrets were compromised: immediately revoke all exposed tokens, keys and credentials, especially those used by pipelines, CI/CD integrations and cloud services. Rotate npm and GitHub tokens, replace SSH keys and cloud access keys, invalidate credentials stored in runners, and review GitHub audit and activity logs for public repository creations or other unusual activity. Rotating secrets without also purging secondary access or credentials stored in runners or persistent servers leaves the door open for reuse by the attacker.

For prevention and ongoing mitigation, the development and supply chain should be hardened: limit the scope of tokens (principle of least privilege), use short-lived tokens and ephemeral credentials, enable multi-factor authentication on developer accounts and on npm and GitHub, audit and pin versions in lockfiles, apply dependency scanning and secret detection in CI, and adopt build-integrity practices such as SLSA or artifact signing where possible. It is also recommended to review the GitHub Actions and other integrations used in pipelines to detect unsafe or over-privileged third-party components, and to implement review policies for changes to package publishing flows.
For researchers and response teams, the signals to look for include unusual pre-install scripts (in this case, for example, references to bw_setup.js), downloads of unusual runtimes, processes that invoke binaries such as Bun from packages, and the appearance of new public repositories with encrypted artifacts or names and strings already associated with previous campaigns. Organizations should combine log analysis, endpoint behaviour detection and review of GitHub audit logs to reconstruct the scope and confirm the revocation of secrets.
Bitwarden acted quickly to revoke the compromised access and deprecate the affected release, but the incident reinforces a recurring lesson: no developer tool is immune by default. Teams should treat development tooling as a risk surface and apply controls similar to those that protect production environments: access control, active monitoring and automated response to indicators of compromise. For more technical detail and case tracking, see the public analyses and the Bitwarden statement mentioned above.
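The pinning and review practices recommended above can be checked mechanically. The following script is an added example, not code from the article or from Bitwarden, npm or GitHub: it flags dependencies declared as version ranges instead of exact versions, lockfile entries that lack an integrity hash or resolve outside the expected registry, and GitHub Actions `uses:` references not pinned to a full commit SHA. The package.json, package-lock.json and workflow inputs are constructed for the demo (the SHA in the workflow is a made-up value, not a real commit), and the lockfile parsing assumes the lockfileVersion 2/3 layout with a top-level `packages` map.

```python
"""Supply-chain hygiene checks for an npm project and its GitHub Actions workflows.

Added example; not from the original article or any vendor's tooling.
All inputs below are constructed. Lockfile parsing assumes the
lockfileVersion 2/3 layout ("packages" map with version/resolved/integrity).
"""
import json
import re

# An exact semver (optionally with pre-release/build suffix); anything else is a range or tag.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")
# `uses:` lines inside a workflow (with or without the leading list dash); ignore trailing comments.
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SHA40 = re.compile(r"^[0-9a-f]{40}$")


def unpinned_dependencies(package_json: str):
    """Return dependency names declared with a range/tag instead of an exact version."""
    manifest = json.loads(package_json)
    out = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not EXACT_VERSION.match(spec):
                out.append(name)
    return out


def lockfile_issues(package_lock: str, registry="https://registry.npmjs.org/"):
    """Flag lockfile entries missing an integrity hash or resolved outside the expected registry."""
    lock = json.loads(package_lock)
    issues = []
    for path, entry in lock.get("packages", {}).items():
        if path == "" or entry.get("link"):  # skip the root project and workspace links
            continue
        if not entry.get("integrity"):
            issues.append((path, "missing integrity"))
        resolved = entry.get("resolved", "")
        if resolved and not resolved.startswith(registry):
            issues.append((path, f"resolved outside registry: {resolved}"))
    return issues


def unpinned_actions(workflow_yaml: str):
    """Return `uses:` references not pinned to a 40-hex commit SHA (local and docker refs skipped)."""
    out = []
    for line in workflow_yaml.splitlines():
        m = USES_LINE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.partition("@")
        if not SHA40.match(version):
            out.append(ref)
    return out


# --- constructed sample inputs -------------------------------------------------
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {"left-pad-ish": "^1.3.0", "exact-dep": "2.0.1"},
    "devDependencies": {"tool": "~0.9.0"},
})
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo"},
        "node_modules/exact-dep": {
            "version": "2.0.1",
            "resolved": "https://registry.npmjs.org/exact-dep/-/exact-dep-2.0.1.tgz",
            "integrity": "sha512-constructedexampleintegrityvalue",
        },
        "node_modules/left-pad-ish": {
            "version": "1.3.2",
            "resolved": "https://example.invalid/mirror/left-pad-ish-1.3.2.tgz",
        },
    },
})
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # constructed SHA, not a real commit
      - uses: ./.github/actions/local-step
      - run: npm ci --ignore-scripts
"""

if __name__ == "__main__":
    print("unpinned dependencies:", unpinned_dependencies(SAMPLE_PACKAGE_JSON))
    print("lockfile issues:", lockfile_issues(SAMPLE_LOCK))
    print("unpinned actions:", unpinned_actions(SAMPLE_WORKFLOW))
```

Run it as-is to see the three findings on the constructed inputs, or point the functions at a project's real files. The sample workflow also installs with `npm ci --ignore-scripts`, a real npm option that prevents lifecycle scripts such as preinstall from executing during CI installs; it is not mentioned in the article but directly blocks the loader mechanism described there, at the cost of having to build packages that genuinely need install scripts separately.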
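The detection signals listed above, and the audit-log review recommended in the remediation paragraph, can be turned into a small triage script. The code below is an added example, not tooling from the article, Bitwarden or any vendor: it scans a package.json for lifecycle hooks whose commands reference bw_setup.js, the Bun runtime, or a download piped straight into a shell, and it scans a line-delimited audit-log export for public repository creations and for the "Shai-Hulud" campaign string. The manifest and audit records are constructed; the audit-log field names (`action`, `actor`, `repo`, `visibility`) are assumptions about the export format and may need adjusting.

```python
"""Triage helpers for the npm supply-chain incident described above.

Added example; not Bitwarden's or any vendor's tooling. Sample inputs are
constructed, and the audit-log field names are assumptions about the
export format.
"""
import json
import re

# Hooks that npm runs automatically on install, where a loader is most likely to hide.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Indicators taken from the article's description of the loader.
SCRIPT_INDICATORS = {
    "bw_setup.js reference": re.compile(r"bw_setup\.js"),
    "bun runtime invocation": re.compile(r"\bbun\b", re.IGNORECASE),
    "download piped to shell": re.compile(r"\b(?:curl|wget)\b[^|]*\|\s*(?:ba)?sh\b"),
}

# Strings the article associates with this and earlier campaigns.
CAMPAIGN_STRINGS = ("Shai-Hulud",)


def scan_lifecycle_scripts(package_json: str):
    """Return (hook, indicator) pairs for suspicious lifecycle script commands."""
    manifest = json.loads(package_json)
    scripts = manifest.get("scripts", {})
    findings = []
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        for label, pattern in SCRIPT_INDICATORS.items():
            if pattern.search(cmd):
                findings.append((hook, label))
    return findings


def scan_audit_log(lines):
    """Return (actor, repo, reasons) for repo.create events that are public or carry a campaign string.

    Each input line is one JSON object. Field names are assumptions (see module docstring).
    """
    flagged = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("action") != "repo.create":
            continue
        reasons = []
        if event.get("visibility") == "public":
            reasons.append("public repository created")
        blob = json.dumps(event).lower()
        for marker in CAMPAIGN_STRINGS:
            if marker.lower() in blob:
                reasons.append(f"campaign string {marker!r} present")
        if reasons:
            flagged.append((event.get("actor"), event.get("repo"), reasons))
    return flagged


# --- constructed sample inputs -------------------------------------------------
SAMPLE_MANIFEST = json.dumps({
    "name": "example-cli",
    "version": "0.0.0-constructed",
    "scripts": {
        "preinstall": "node bw_setup.js",  # mirrors the indicator named in the article
        "build": "tsc -p .",
    },
})
SAMPLE_AUDIT = """\
{"action":"repo.create","actor":"dev-alice","repo":"dev-alice/shai-hulud-demo","visibility":"public","description":"Shai-Hulud: The Third Coming"}
{"action":"repo.create","actor":"dev-bob","repo":"org/internal-tool","visibility":"private"}
{"action":"git.push","actor":"dev-bob","repo":"org/internal-tool"}
"""

if __name__ == "__main__":
    print("lifecycle findings:", scan_lifecycle_scripts(SAMPLE_MANIFEST))
    print("audit-log hits:", scan_audit_log(SAMPLE_AUDIT.splitlines()))
```

In practice the manifest scanner would be run over every package.json under node_modules after an install (or over extracted tarballs before one), and the audit-log scanner over an organization's export covering the exposure window; a hit on either list is a reason to treat that developer's or runner's secrets as exposed and rotate them.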