[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign-moef218f":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":15,"article_ids":16,"ioc_summary":18,"source_urls":19,"status":21,"expires_at":22,"created_at":23,"updated_at":24,"articles":25},"8bc901ec-fab7-4a9e-a28d-f15014637209","Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign","bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign-moef218f","Bitwarden CLI v2026.4.0 was compromised via a malicious GitHub Action injection, distributing malware on npm for 1.5 hours on April 22. The malware exfiltrates developer secrets, GitHub tokens, SSH keys, and cloud credentials to attacker infrastructure. Any developer who installed this version during the window has potentially compromised credentials in active threat actor hands.","critical","advisory",[],[13,14],"Bitwarden CLI","Bitwarden","Immediately identify and revoke all GitHub tokens, SSH keys, and cloud credentials for any developer who installed Bitwarden CLI v2026.4.0 between April 22 00:00-01:30 UTC. Hunt for exfiltration to audit.checkmarx[.]cx and suspicious GitHub repo access from compromised tokens.",[17],"e5cb6d60-4a7e-4bc3-9177-7b1ae091efa6",null,[20],"https:\u002F\u002Fthehackernews.com\u002F2026\u002F04\u002Fbitwarden-cli-compromised-in-ongoing.html","archived","2026-04-27T14:09:53.884+00:00","2026-04-25T14:10:01.877258+00:00","2026-04-27T15:05:21.675658+00:00",[26],{"id":17,"title":6,"url":20}]