On Apr. 22, a malicious version of Bitwarden’s command-line interface appeared on npm under the official package name @bitwarden/cli@2026.4.0. For 93 minutes, anyone who pulled the CLI through npm received a backdoored substitute for the legitimate tool. Bitwarden detected the compromise, removed the package, and issued a statement saying it found no evidence that attackers
The post For 93 minutes, installing Bitwarden’s ‘official’ CLI turned laptops into launchpads for hijacking GitHub accounts appeared first on CryptoSlate. CryptoSlate Read More
About The Author
