🚨 If you use Bitwarden, please immediately read: https://socket.dev/blog/bitwarden-cli-compromised

Reply to 🚨 If you use Bitwarden, please immediately read: https://socket.dev/blog/bitwarden-cli-compromised on Thu, 23 Apr 2026 18:24:00 GMT

odaeus@social.vivaldi.net — Thu, 23 Apr 2026 18:24:00 GMT

@shansterable you're welcome, I'm still working on getting mine to use it!

Reply to 🚨 If you use Bitwarden, please immediately read: https://socket.dev/blog/bitwarden-cli-compromised on Thu, 23 Apr 2026 18:12:34 GMT

shansterable@ohai.social — Thu, 23 Apr 2026 18:12:34 GMT

@Odaeus
Thank you. My husband uses Bitwarden and I was worried.

Especially since it took me years to convince him to use a password vault because he doesn't trust them.

Reply to 🚨 If you use Bitwarden, please immediately read: https://socket.dev/blog/bitwarden-cli-compromised on Thu, 23 Apr 2026 17:38:59 GMT

odaeus@social.vivaldi.net — Thu, 23 Apr 2026 17:38:59 GMT

@shansterable @thomasfuchs in this case, "Bitwarden CLI" is the name of the product from Bitwarden that was compromised. The message should be that if you don't know what it means you don't need to worry! Relatively few BW users use it.

Even for those few people who have been compromised by using the infection version, current indications are that their vault was not specifically leaked because of the way the virus works. However, if they are a programmer (likely, given the specialist nature) then they now have a serious issue as it leaks sensitive data that it finds.

Techies are concerned about this because it is a big red flag around BWs processes and could indicate they have also been compromised internally by their own tool. They say they've found no evidence of this though: https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127

Reply to 🚨 If you use Bitwarden, please immediately read: https://socket.dev/blog/bitwarden-cli-compromised on Thu, 23 Apr 2026 17:29:32 GMT

nflamel@hachyderm.io — Thu, 23 Apr 2026 17:29:32 GMT

@thomasfuchs I'm grateful that the version in Arch is apparently a couple of releases behind... but that was pretty scary for a moment.

Reply to 🚨 If you use Bitwarden, please immediately read: https://socket.dev/blog/bitwarden-cli-compromised on Thu, 23 Apr 2026 17:28:11 GMT

shansterable@ohai.social — Thu, 23 Apr 2026 17:28:11 GMT

@Odaeus @thomasfuchs
I agree. I am scouring the article to find out whether passwords have been compromised. Couldn't they just lead with that?

I had to look up what a "CLI" is. Even after finding the definition, it only made things more confusing.

By the way, CLI = Command Line Interface, in case that helps anyone besides me.

I try to do for initialisms and acronyms what alt text does for images.

Reply to 🚨 If you use Bitwarden, please immediately read: https://socket.dev/blog/bitwarden-cli-compromised on Thu, 23 Apr 2026 17:09:14 GMT

odaeus@social.vivaldi.net — Thu, 23 Apr 2026 17:09:14 GMT

@thomasfuchs I feel adding "CLI" is a pretty important distinction here so as not to cause undue stress to BW users (of which I am one, including the CLI!). We don't know if they've been further compromised... yet.