The Bitwarden CLI became the latest victim in an ongoing supply chain campaign, with a malicious version published on April 22, 2026, according to new findings shared by JFrog and Socket. This version, labeled @bitwarden/cli@2026.4.0, contained code designed to exfiltrate sensitive developer data to attackers.

- Advertisement -

The attack appears to have leveraged a compromised GitHub Action in Bitwarden‘s CI/CD pipeline, consistent with the pattern seen across other affected repositories in this campaign. Consequently, the rogue package included a preinstall hook that executed data-stealing malware.

Data including GitHub and npm tokens, .ssh keys, and cloud secrets was exfiltrated to a domain impersonating Checkmarx. However, if this primary method failed, the stolen information was sent to a GitHub repository as a fallback.

The malware specifically targeted configurations for AI coding tools like Claude and Cursor. Meanwhile, if GitHub tokens were found, they were weaponized to inject malicious workflows into other repositories, as detailed in a blog post by Socket.

Security researcher Adnan Khan noted the threat actor used a malicious workflow for publication. “I believe this is the first time a package using NPM trusted publishing has been compromised,” Khan added.

- Advertisement -

OX Security said it identified the string “Shai-Hulud: The Third Coming” in the package, suggesting this is likely the next phase of the supply chain attack campaign. Interestingly, the malware is designed to quit execution on systems if their locale corresponds to Russia.

Bitwarden confirmed the incident stemmed from the compromise of its npm distribution mechanism. The company emphasized that no end-user vault data was accessed or at risk, and the malicious npm release was deprecated shortly after detection.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.