Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Summary

The Bitwarden CLI has been compromised as part of the ongoing supply chain campaign associated with Checkmarx, according to researchers from JFrog and Socket. Checkmarx is an application security vendor whose name the campaign carries; it is not the attacker. The malicious code was embedded in the file 'bw1.js' within the affected npm package version @bitwarden/cli@2026.4.0.

IFF Assessment

FOE

This is bad news for defenders: it is a successful supply chain attack on a widely used security tool (a password-manager CLI), and anyone who installed or updated to the affected version may have run the malicious code.

Defender Context

This incident highlights the critical risks associated with software supply chain attacks, where attackers compromise legitimate software development pipelines or distribution channels. Defenders must pay close attention to the integrity of software dependencies and perform thorough vetting of third-party code. In practical terms: check whether @bitwarden/cli@2026.4.0 is present in lockfiles, node_modules trees or global npm installs; pin dependency versions and install from lockfiles rather than floating ranges; and treat any host that ran the affected version as potentially compromised until the payload's behaviour has been confirmed.
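One way to perform the dependency check described above, as an added example rather than code from the original story or from Bitwarden: the script scans an npm package-lock.json (lockfileVersion 1, 2 and 3 layouts) for the affected version and walks a node_modules tree for installed copies of @bitwarden/cli, reporting the installed version and whether a file named bw1.js is present anywhere inside the package directory. The package name, version and file name are the indicators from the summary; the sample lockfile and the temporary node_modules tree built by demo() are constructed for illustration.

```python
"""Scan npm lockfiles and node_modules trees for the affected Bitwarden CLI release."""
from __future__ import annotations

import json
import shutil
import tempfile
from pathlib import Path

# Indicators from the advisory summary; extend the sets if the advisory grows.
AFFECTED_PACKAGE = "@bitwarden/cli"
AFFECTED_VERSIONS = {"2026.4.0"}
SUSPECT_FILE = "bw1.js"

# Constructed sample lockfile (lockfileVersion 3), not a real project's lockfile.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})


def affected_lock_entries(lockfile_text: str) -> list[tuple[str, str]]:
    """Return (install path, version) pairs for affected entries in a package-lock.json.

    lockfileVersion 2/3 carry a "packages" map keyed by install path; the older
    lockfileVersion 1 layout nests a "dependencies" tree keyed by package name.
    """
    lock = json.loads(lockfile_text)
    hits: list[tuple[str, str]] = []

    packages = lock.get("packages")
    if packages is not None:
        for path, meta in packages.items():
            if not path:  # "" is the root project itself
                continue
            # Aliased installs carry an explicit "name"; otherwise derive it from the path.
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            if name == AFFECTED_PACKAGE and meta.get("version") in AFFECTED_VERSIONS:
                hits.append((path, meta["version"]))
        return hits

    def walk(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if name == AFFECTED_PACKAGE and meta.get("version") in AFFECTED_VERSIONS:
                hits.append((path, meta["version"]))
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return hits


def suspect_installs(root: Path | str) -> list[dict]:
    """Walk node_modules under `root` and report every installed copy of the package.

    Each record carries the installed version (from package.json), whether that
    version is in the affected set, and any file named bw1.js inside the package,
    so an unexpected version that still ships the file is surfaced for review.
    """
    findings = []
    for pkg_json in Path(root).glob(f"**/node_modules/{AFFECTED_PACKAGE}/package.json"):
        pkg_dir = pkg_json.parent
        try:
            version = json.loads(pkg_json.read_text()).get("version")
        except (OSError, ValueError):
            version = None
        suspect = sorted(p.relative_to(pkg_dir).as_posix() for p in pkg_dir.rglob(SUSPECT_FILE))
        findings.append({
            "path": str(pkg_dir),
            "version": version,
            "affected_version": version in AFFECTED_VERSIONS,
            "suspect_files": suspect,
        })
    return findings


def demo() -> dict:
    """Build a constructed node_modules tree in a temp dir and scan it plus SAMPLE_LOCK."""
    root = Path(tempfile.mkdtemp())
    try:
        pkg_dir = root / "node_modules" / "@bitwarden" / "cli"
        (pkg_dir / "build").mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps({"name": AFFECTED_PACKAGE, "version": "2026.4.0"}))
        # Placeholder standing in for the reported file; contents are not the real payload.
        (pkg_dir / "build" / SUSPECT_FILE).write_text("// constructed placeholder\n")
        return {"lock": affected_lock_entries(SAMPLE_LOCK), "tree": suspect_installs(root)}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    import sys

    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    lock = root / "package-lock.json"
    if lock.is_file():
        for path, ver in affected_lock_entries(lock.read_text()):
            print(f"lockfile: {path} pins affected version {ver}")
    for f in suspect_installs(root):
        print(f"installed: {f['path']} version={f['version']} "
              f"affected={f['affected_version']} suspect_files={f['suspect_files']}")
```

Run it against a project root (`python scan_bw.py /path/to/repo`); for global installs, `npm ls -g @bitwarden/cli` and `bw --version` report the version in use, and the script can be pointed at the global node_modules prefix that `npm root -g` prints.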
