<![CDATA[Bitwarden's CLI NPM package was hijacked and used to spread credential stealer malware.]]>Bitwarden's CLI NPM package was hijacked and used to spread credential stealer malware. This is related to the previous Checkmarx compromise.

We'll be updating this thread as always with new information. Come join the effort!

Link Preview Image
TeamPCP Campaign Spreads to npm via a Hijacked Bitwarden CLI

From: Kill Chain: The root package.json advertises @bitwarden/cli version 2026.4.0, while the embedded application metadata in build/bw.js still references 2026.3.0. That mismatch strongly suggests the malicious pac…

favicon

IFIN (discourse.ifin.network)

]]>https://board.circlewithadot.net/topic/2aaca3c6-a2b2-45aa-866c-7592e2bf091c/bitwarden-s-cli-npm-package-was-hijacked-and-used-to-spread-credential-stealer-malware.RSS for NodeThu, 30 Apr 2026 14:26:19 GMTThu, 23 Apr 2026 15:08:31 GMT60