> TritonInfoSec News
Home / Apr 25, 2026 / Story
0
#4 SecurityWeek general April 24, 2026 at 08:07 UTC

Bitwarden NPM Package Hit in Supply Chain Attack

By Ionut Arghire

AI Summary

TeamPCP compromised the Bitwarden CLI NPM package (@bitwarden/[email protected]) in a supply chain attack, injecting malicious code into the 'bw1.js' file. The attack is part of a broader Checkmarx supply chain campaign targeting developer tools and password management infrastructure.

Read full article → https://www.securityweek.com/bitwarden-npm-package…

Relevance score: 85.0/100

# More from April 25

  1. 1
    Firestarter malware survives Cisco firewall updates, security patches BleepingComputer
  2. 2
    New ‘Pack2TheRoot’ flaw gives hackers root Linux access BleepingComputer
  3. 3
    LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure The Hacker News
  4. 5
    Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks BleepingComputer
  5. 6
    ADT confirms data breach after ShinyHunters leak threat BleepingComputer
  6. 7
    26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases The Hacker News
  7. 8
    NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software The Hacker News
  8. 9
    Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2 The Hacker News
  9. 10
    China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors The Hacker News