Bitwarden CLI version 2026.4.0 was released as a malicious package via npm. Affected users are advised to upgrade immediately.

PANews reported on April 24th that, according to a Bitwarden security team notice forwarded by 23pds, Chief Information Security Officer of SlowMist, version 2026.4.0 of the Bitwarden CLI was released as a malicious package via npm between 5:57 PM and 7:30 PM ET on April 22nd as a result of the Checkmarx supply chain attack. Only users who installed it via npm during this time window were affected. According to the official confirmation, Vault data was not leaked and the production system was not compromised. Affected users are advised to immediately uninstall version 2026.4.0, clear their npm cache, rotate sensitive credentials such as API tokens and SSH keys, check for unusual activity on GitHub and CI, and upgrade to version 2026.4.1.
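To find projects that need the steps above, the following added example (not from the Bitwarden notice or PANews) checks a parsed package-lock.json for the Bitwarden CLI pinned at 2026.4.0. It assumes the npm package name is `@bitwarden/cli`, which the report does not state; the sample lockfile is constructed.

```python
import json

PACKAGE = "@bitwarden/cli"   # assumption: npm name of the Bitwarden CLI (not given in the report)
BAD_VERSION = "2026.4.0"     # malicious release named in the report
FIXED_VERSION = "2026.4.1"   # release the report says to upgrade to


def find_affected(lock):
    """Return the lockfile locations that pin PACKAGE at BAD_VERSION."""
    hits = []
    if "packages" in lock:
        # lockfileVersion 2/3: flat map keyed by install path
        for path, meta in lock["packages"].items():
            name = path.rpartition("node_modules/")[2]
            if name == PACKAGE and meta.get("version") == BAD_VERSION:
                hits.append(path)
        return hits

    # lockfileVersion 1: nested "dependencies" tree
    def walk(deps, trail):
        for name, meta in deps.items():
            here = trail + [name]
            if name == PACKAGE and meta.get("version") == BAD_VERSION:
                hits.append(" > ".join(here))
            walk(meta.get("dependencies", {}), here)

    walk(lock.get("dependencies", {}), [])
    return hits


# Constructed sample lockfile (not taken from a real project)
SAMPLE_LOCK = json.loads("""
{
  "name": "ci-tools", "lockfileVersion": 3,
  "packages": {
    "": {"name": "ci-tools", "dependencies": {"@bitwarden/cli": "^2026.4.0"}},
    "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
    "node_modules/semver": {"version": "7.6.0"}
  }
}
""")

if __name__ == "__main__":
    for location in find_affected(SAMPLE_LOCK):
        print(f"{location}: pinned to {BAD_VERSION}, move to {FIXED_VERSION}")
```

A hit shows only that the lockfile pins 2026.4.0; compare the install or CI run time against the reported window before deciding which credentials to rotate.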

Author: PA一线
