Cyber Incident Victim: Bitwarden
Date: Apr 2026
Location: United States of America
Summary
Bitwarden's npm CLI package was compromised by a malicious preinstall hook that harvested developer secrets: GitHub and npm tokens, SSH keys, environment variables, shell history, and cloud credentials. The stolen data was encrypted and exfiltrated to audit.checkmarx[.]cx, with a fallback that committed it to a GitHub repository. Bitwarden attributed the compromise of its npm distribution path to the earlier Checkmarx supply chain attack, which used a GitHub Actions vector; stolen GitHub tokens then let the malware inject malicious workflows into victims' repositories and push tainted package versions. The vendor confirmed that no end-user data was accessed, and the malicious version has been removed from npm.
Description
On April 23, 2026, security researchers from JFrog and Socket disclosed that the Bitwarden CLI package @bitwarden/cli@2026.4.0 had been compromised as part of the ongoing Checkmarx supply chain campaign. The malicious code lived in the file bw1.js and ran from a preinstall hook, so it executed during package installation, before any user invoked the CLI. It functioned as a credential stealer, collecting GitHub and npm tokens, .ssh keys, .env files, shell history, GitHub Actions secrets, and other cloud credentials. The stolen data was encrypted with AES-256-GCM and exfiltrated to the domain audit.checkmarx[.]cx, with a fallback that committed the data to a GitHub repository if the primary channel failed.
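The execution vector above is an install-time lifecycle script, which is what a dependency audit should look for. The following is an added example written for this page, not code from Bitwarden, JFrog, Socket, or the malicious package: it audits a parsed npm lockfile (v1 `dependencies` or v2/v3 `packages` layout) for the compromised @bitwarden/cli 2026.4.0 release and flags every dependency that npm recorded with `hasInstallScript`, then inspects a package manifest for the hook commands `npm install` would run. The lockfile and manifest it processes are constructed samples; the real hook command in the malicious package is not reproduced on this page, so the `node bw1.js` command in the sample is an assumption.

```javascript
// Added example (not code from Bitwarden or the researchers cited above).
// Audits an npm lockfile for the compromised @bitwarden/cli release and for
// any dependency carrying an install-time lifecycle script, the execution
// vector (a preinstall hook) used in this incident.

const COMPROMISED = new Map([["@bitwarden/cli", new Set(["2026.4.0"])]]);
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];

// Lockfile v2/v3 keys are install paths such as "node_modules/@scope/name";
// strip everything up to the last "node_modules/" to recover the package name.
function nameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Walks a parsed package-lock.json and returns two lists of findings:
// packages matching a known-compromised version, and packages that npm
// recorded as declaring preinstall/install/postinstall scripts.
function auditLockfile(lock) {
  const findings = { compromised: [], installScripts: [] };
  const check = (name, entry) => {
    if (!entry || typeof entry.version !== "string") return;
    const bad = COMPROMISED.get(name);
    if (bad && bad.has(entry.version)) {
      findings.compromised.push({ name, version: entry.version });
    }
    // npm writes hasInstallScript into lockfile v2/v3 entries; v1 lockfiles
    // do not record it, so for v1 only the version check applies.
    if (entry.hasInstallScript === true) {
      findings.installScripts.push({ name, version: entry.version });
    }
  };
  if (lock.packages) {
    for (const [lockPath, entry] of Object.entries(lock.packages)) {
      if (lockPath === "") continue; // "" is the root project itself
      check(nameFromLockPath(lockPath), entry);
    }
  }
  if (lock.dependencies) {
    const walk = (deps) => {
      for (const [name, entry] of Object.entries(deps)) {
        check(name, entry);
        if (entry.dependencies) walk(entry.dependencies); // v1 nests deps
      }
    };
    walk(lock.dependencies);
  }
  return findings;
}

// Inspects one installed package's package.json and returns the lifecycle
// hook commands that `npm install` would execute (unless scripts are ignored).
function findInstallHooks(manifest) {
  const scripts = manifest.scripts || {};
  return LIFECYCLE_HOOKS.filter((h) => typeof scripts[h] === "string")
    .map((h) => ({ hook: h, command: scripts[h] }));
}

// Constructed sample lockfile (v3 layout); the nested older CLI copy shows
// that transitive installs are checked too.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/@bitwarden/cli": { version: "2026.4.0", hasInstallScript: true },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/some-lib": { version: "2.0.0" },
    "node_modules/some-lib/node_modules/@bitwarden/cli": { version: "2026.3.0" },
  },
};

// Constructed sample manifest; the preinstall command is an assumption made
// for illustration, not the actual contents of the malicious package.
const SAMPLE_MANIFEST = {
  name: "@bitwarden/cli",
  version: "2026.4.0",
  scripts: { preinstall: "node bw1.js", build: "tsc" },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
console.log(JSON.stringify(findInstallHooks(SAMPLE_MANIFEST), null, 2));
```

Run it against a real project by replacing `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json"))` and feeding each `node_modules/*/package.json` to `findInstallHooks`. The structural mitigation is to stop lifecycle scripts from running at all in CI and on developer machines (`ignore-scripts=true` in `.npmrc`, or `npm ci --ignore-scripts`), and to re-enable them only for the handful of packages that genuinely need a build step.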

If the malware discovered GitHub tokens, it used them to inject new GitHub Actions workflows into the affected developer’s repositories, allowing the attacker to capture additional secrets from CI/CD runs and to push malicious versions of the Bitwarden CLI package to npm. A single developer who had installed the compromised version could become an entry point for a broader supply chain compromise, granting the attacker persistent workflow injection access to any CI/CD pipeline reachable by the stolen token. Bitwarden emphasized that no end‑user data was accessed or placed at risk, and that only users who downloaded the package from npm during the limited window of the malicious release were potentially affected. The malicious version has since been removed from npm, and a CVE for Bitwarden CLI version 2026.4.0 is being issued in connection with the incident.
Bitwarden confirmed the incident and stated that it resulted from the compromise of its npm distribution mechanism following the earlier Checkmarx supply chain attack, and that a review of internal environments, release paths, and related systems found no additional impacted products or environments. Researchers from OX Security identified the string 'Shai-Hulud: The Third Coming' embedded in the malicious package, which they suggested could mark the next phase of the supply chain campaign first observed the previous year. The threat actor known as TeamPCP is suspected of being behind this latest attack on Checkmarx, but that attribution rests on the researchers' assessment rather than on a confirmed finding. The disclosure noted that the attack follows the same GitHub Actions supply chain vector seen in other repositories affected by the Checkmarx campaign.
