Eilmeldung
Windows and Linux users urged to update Secure Boot keys before June 24 deadlineUN Chief Guterres Visits Haiti Amid Soaring Gang Violence and DisplacementVP Vance to Sign Iran Deal, Fed Chair Holds First Conference, Georgia PrimariesTrump Delays Jay Clayton Nomination, Links Surveillance Tool Approval to Voting BillCPP Investments Commits Up to $741 Million to Indian Data Center Operator CtrlSCNBC to Simulcast 11 WNBA Games This SeasonGenesis AI Unveils Eno, a Headless, Legless Humanoid RobotUber to Launch Premium Robotaxi Service in Houston by Mid-2027Federal Prison Grievance System Fails Incarcerated Women Seeking Medical CareArchaeologists Uncover Revolutionary War Fortifications at Bunker Hill MonumentWindows and Linux users urged to update Secure Boot keys before June 24 deadlineUN Chief Guterres Visits Haiti Amid Soaring Gang Violence and DisplacementVP Vance to Sign Iran Deal, Fed Chair Holds First Conference, Georgia PrimariesTrump Delays Jay Clayton Nomination, Links Surveillance Tool Approval to Voting BillCPP Investments Commits Up to $741 Million to Indian Data Center Operator CtrlSCNBC to Simulcast 11 WNBA Games This SeasonGenesis AI Unveils Eno, a Headless, Legless Humanoid RobotUber to Launch Premium Robotaxi Service in Houston by Mid-2027Federal Prison Grievance System Fails Incarcerated Women Seeking Medical CareArchaeologists Uncover Revolutionary War Fortifications at Bunker Hill Monument
Newsgather

bitwarden

Stabil4 Meldungen2 QuellenZuletzt aktualisiert: 24.04.2026
Verwandte Themennpmjfrogcheckmarxsupply_chain_attackclicredential_theftgithub_actionsdevsecops

Neueste Meldungen

Malicious Bitwarden CLI Package Exfiltrated Infrastructure Credentials via Compromised npm Release
In Entwicklung
Technik·24.04.2026KI-Zusammenfassung

Malicious Bitwarden CLI Package Exfiltrated Infrastructure Credentials via Compromised npm Release

On April 22, 2026, a malicious version of Bitwarden's command-line interface was published to npm under the official package name @bitwarden/[email protected], remaining available for 93 minutes. The compromised package targeted infrastructure credentials including GitHub tokens, npm tokens, SSH keys, AWS/GCP/Azure credentials, and GitHub Actions secrets. Security firm JFrog analyzed the payload and found it had no interest in Bitwarden vaults—only in credentials governing build, deployment, and infrastructure automation. Bitwarden confirmed the incident is connected to the broader Checkmarx supply chain campaign and found no evidence of end-user vault access or production system compromise.

C
CryptoSlate
Malicious Bitwarden CLI Package Compromised npm for 93 Minutes
In Entwicklung
Technik·24.04.2026KI-Zusammenfassung

Malicious Bitwarden CLI Package Compromised npm for 93 Minutes

On April 22, 2026, a malicious version of Bitwarden's CLI was published to npm under the official @bitwarden/cli package name for 93 minutes. The backdoored package targeted infrastructure credentials including GitHub tokens, SSH keys, AWS/GCP/Azure credentials, and GitHub Actions secrets rather than Bitwarden vaults. Bitwarden removed the package and found no evidence of vault data access. Security researchers determined the attack exploited a compromised GitHub Action in Bitwarden's CI/CD pipeline, connected to the broader Checkmarx supply chain campaign.

C
CryptoSlate
Bitwarden CLI-Kompromittierung: Schadsoftware in Version 2026.4.0 stahl Zugangsdaten
Dringend
Technik·23.04.2026KI-Zusammenfassung

Bitwarden CLI-Kompromittierung: Schadsoftware in Version 2026.4.0 stahl Zugangsdaten

Das npm-Paket @bitwarden/cli wurde zwischen dem 22. und 23. April 2026 mit einem Credential-Stealer infiziert. Die kompromittierte Version 2026.4.0 lud die Bun-Runtime herunter und exfiltrierte GitHub-Tokens, SSH-Schlüssel, AWS-, Azure- und GCP-Zugangsdaten sowie KI-Tool-Konfigurationen. Bitwarden betont, dass Vault-Daten nicht betroffen waren. Alle Nutzer sollten betroffene Systeme bereinigen und Zugangsdaten rotieren.

H
Heise Online