Bitwarden NPM Package Hit in Supply Chain Attack
Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm.
The Bitwarden command-line interface (CLI) NPM package was compromised in a supply chain attack that appears tied to previous campaigns against the open source software (OSS) ecosystem.
One of the most popular open source password management platforms, with over 250,000 monthly downloads, Bitwarden allows enterprises to secure authentication with zero-knowledge encryption, password sharing, and policy and credential management.
On Thursday, multiple security firms warned that version 2026.4.0 of the Bitwarden CLI’s NPM package contained malicious code to fetch a JavaScript payload designed to steal credentials and secrets from victim machines.
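A practical first check for defenders is whether the compromised version is pinned anywhere in a project's lockfile. The following is an added example, not code from the article or from Bitwarden; it assumes the affected package is published as `@bitwarden/cli` (the article does not name the package) and uses a constructed sample lockfile.

```python
import json

# Version named in the article as compromised. The package name is an
# assumption: the article only says "Bitwarden CLI NPM package".
AFFECTED = {"@bitwarden/cli": {"2026.4.0"}}


def find_affected(lock: dict, affected: dict = AFFECTED) -> list:
    """Return [(path, name, version)] for each install of an affected version.

    Supports lockfileVersion 2/3 ("packages" keyed by install path) and the
    older lockfileVersion 1 layout ("dependencies" as a nested tree).
    """
    hits = []
    packages = lock.get("packages")
    if packages:
        for path, meta in packages.items():
            if not path:
                continue  # "" is the root project entry, not a dependency
            # Scoped names keep their "@scope/" prefix after the last node_modules/
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            ver = meta.get("version")
            if ver in affected.get(name, ()):
                hits.append((path, name, ver))
        return hits

    def walk(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            ver = meta.get("version")
            if ver in affected.get(name, ()):
                hits.append((path, name, ver))
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return hits


# Constructed sample package-lock.json (v3): one affected and one clean entry.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}

if __name__ == "__main__":
    lock = json.loads(json.dumps(SAMPLE_LOCK))  # stand-in for json.load(open("package-lock.json"))
    for path, name, ver in find_affected(lock):
        print(f"AFFECTED: {name}@{ver} installed at {path}")
```

Run it against a real `package-lock.json` by replacing the sample with `json.load(open("package-lock.json"))`; a hit means the dependency should be rolled back to an unaffected version and any secrets reachable from that machine rotated.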
Source: https://www.securityweek.com/bitwarden-npm-package-hit-in-supply-chain-attack/
Related breach coverage
- Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist (2025-12-31): The worm exposed Trust Wallet’s developer GitHub secrets, allowing attackers to publish a backdoored extension and steal funds from 2,520 wallets.
- 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack (2025-11-25): The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories.
- Mercor Hit by LiteLLM Supply Chain Attack (2026-04-02): The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data.
- Axios NPM Package Breached in North Korean Supply Chain Attack (2026-04-01): A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions.
