{"id":235792,"date":"2026-04-23T22:13:20","date_gmt":"2026-04-24T03:13:20","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/04\/bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign"},"modified":"2026-04-23T22:13:20","modified_gmt":"2026-04-24T03:13:20","slug":"bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/04\/bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign","title":{"rendered":"Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/bitwarden-cli-compromised-in-ongoing-checkmarx-supply-chain-campaign.jpg\"><\/a><\/p>\n<p>When reached for comment, Bitwarden <a href=\"https:\/\/community.bitwarden.com\/t\/bitwarden-statement-on-checkmarx-supply-chain-incident\/96127\">confirmed<\/a> the incident and said it stemmed from the compromise of its npm distribution mechanism following the Checkmarx supply chain attack, but emphasized that no end-user data was accessed as part of the attack. The entire statement shared with The Hacker News is reproduced verbatim below:<\/p>\n<p><em>The Bitwarden security team identified and contained a malicious package that was briefly distributed through the npm delivery path for @bitwarden\/cli@2026.4.0 between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident.<\/em><\/p>\n<p><em>The investigation found no evidence that end user vault data was accessed or at risk, or that production data or production systems were compromised. 
Once the issue was detected, compromised access was revoked, the malicious npm release was deprecated, and remediation steps were initiated immediately.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When reached for comment, Bitwarden confirmed the incident and said it stemmed from the compromise of its npm distribution mechanism following the Checkmarx supply chain attack, but emphasized that no end-user data was accessed as part of the attack. The entire statement shared with The Hacker News is reproduced verbatim below The Bitwarden security team [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1492],"tags":[],"class_list":["post-235792","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/235792","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=235792"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/235792\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=235792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=235792"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=235792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}